Re: Executable bit on .desktop files: necessary or unwanted?

[snow flurry <snow%datagirl.xyz@localhost>]

On Saturday, 15 February 2025 04:32:42 PST Thomas Klausner wrote:
> Hi!
> 
> While working on digikam I noticed a warning during 'install' about
> the executable bit set on the .desktop files.
> 
> I wondered if that was fine or not and found:
> 
> https://unix.stackexchange.com/questions/373239/what-is-the-advantage-of-des
> ktop-files-without-executable-bit-set
> 
> where it says:
> 
> "KDE and gnome developers introduced a custom hack that somewhat
> deviates the intended Unix file execution permission purpose to add a
> security layer. With this new layer, only .desktop files with the
> executable bit set are taken into account by the desktop environment."
> 
> On my system, most .desktop files I have installed are not executable
> (53 of 64), but some KDE ones and a few others are.
> 
> Should we unify this one way or the other? Does KDE (or any other
> desktop environment) need the executable bit set on .desktop files?
>  Thomas

At least in KDE, if any of the following are the case, the application file is considered "safe":

- The file is in the applications/ subdirectory of $XDG_DATA_DIRS, or whatever Qt defaults to
- The file is owned by root
- The file is executable

There are a few other checks for things like kiosk mode that wouldn't affect most users. For reference, this is where the checks occur:

https://invent.kde.org/frameworks/kconfig/-/blob/master/src/core/kdesktopfile.cpp#L95-155

I don't imagine it'd be harmful to mark them as executable, but I don't typically see .desktop files in the expected locations following that (on my system, 2 out of 307 are chmod +x). The only case I could see it being an issue for KDE is an unprivileged pkgsrc install where the user didn't set $XDG_DATA_DIRS.

-- 
snow flurry <snow%datagirl.xyz@localhost>