+++ This bug was initially created as a clone of Bug #1442231 +++
Description of problem:
There is a bug in Nautilus that makes it possible to disguise a malicious script as an innocent document, like a PDF or ODT, that gets executed when the user opens it.
The upstream nautilus issue  has already been resolved, and will be released in nautilus 3.24. But since this is an important security issue, I think this patch should be backported so that it's fixed in older versions of Fedora.
See this blog post  for more about how this bug allows attackers to compromise Subgraph OS. Fedora is vulnerable to the same type of attack.
Steps to Reproduce:
Make a file called malware.desktop that has this content:
Now make malware.desktop executable (chmod 755 malware.desktop). If you open nautilus and browse to the folder that this document is in, it looks like there's a LibreOffice document called "resume.odt". But when you double-click on it, it runs the attackers code. In this case, it opens the calculator.
--- Additional comment from Jan Kurik on 2017-08-15 02:55:11 EDT ---
This bug appears to have been reported against 'rawhide' during the Fedora 27 development cycle.
Changing version to '27'.
This bug can be closed as fixed errata.