<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd"><html><head><meta name="qrichtext" content="1" /><style type="text/css">p, li { white-space: pre-wrap; }</style></head><body style=" font-family:'Consolas'; font-size:11pt; font-weight:400; font-style:normal;">Hi all,<br>
<p style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; -qt-user-state:0;"><br></p>I've implemented the auto-exec-bit-ifying of .desktop files in KRun and made the changes suggested in the last couple of threads, including using owned-by-root as an exception as originally discussed instead of merely "not writable by user".<br>
<p style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; -qt-user-state:0;"><br></p>Currently the work is in 3 patches (all attached):<br>
<p style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; -qt-user-state:0;"><br></p>The first patch changes KDesktopFile::isAuthorizedDesktopFile() to include the extra restrictions that we're placing on .desktop files. This should be applied first as the remaining patches both require this change.<br>
<p style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; -qt-user-state:0;"><br></p>The second patch implements security by not allowing klauncher to launch a .desktop file that doesn't meet the criteria given by KDesktopFile::isAuthorizedDesktopFile() (a fairly large change from my first submission but all that's happened is the logic is defined in KDesktopFile instead of being duplicated)<br>
<p style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; -qt-user-state:0;"><br></p>The third patch is against KRun, and implements the auto +x. This _needs review_, it was basically all written today after I got home from work (which included running 5K in shorts while it was 1 C outside so it was a rough day ;)<br>
<p style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; -qt-user-state:0;"><br></p>The idea is to pop up a nice dialog [1] giving the user a readable description of what the problem is. A Details button is supposed to be included which contains the Exec= line but isn't working for some reason. Also the amount of text buys us into the dreaded Qt layout vs. X11 bug which I've tried to minimize the effects of. On that note, I'm game for better ways to phrase this dialog, it doesn't seem efficient somehow.<br>
<p style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; -qt-user-state:0;"><br></p>Assuming the user clicks on continue the file is made executable by doing 2 things:<br>
<p style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; -qt-user-state:0;"><br></p>1. Add a #!/usr/bin/env xdg-open (if #! is not already present)<br>
- This is done by using KSaveFile, by writing the header and then dumping the .desktop file contents below it. I'm not really happy about manually moving bytes around (especially as v1 in my testing today had an infinite loop) but I don't trust readAll()/write() for library code. Please look at this to make sure I've done it right.<br>
<p style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; -qt-user-state:0;"><br></p>2. chmod u+x /path/to/foo.desktop (this was simpler ;)<br>
<p style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; -qt-user-state:0;"><br></p>Assuming everything proceeded swimmingly the .desktop file is then immediately launched.<br>
<p style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; -qt-user-state:0;"><br></p>Is there anything I'm missing here now? Please let me know, otherwise I'd like to know if there are objections to committing on Sunday.<br>
<p style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; -qt-user-state:0;"><br></p>Regards,<br>
- Michael Pyne<br>
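The two steps described in the message above (prepend the #! header through an atomic save, then chmod u+x), together with a simplified trust rule, as an added example that is not part of the original message or of the KDE patches. It assumes a POSIX system; a temp file plus os.replace() stands in for KSaveFile, the rule is reduced to the two criteria the message mentions, and is_trusted, make_executable, demo and the sample foo.desktop contents are hypothetical names constructed for illustration.<br>

```python
import os
import shutil
import stat
import tempfile

SHEBANG = b"#!/usr/bin/env xdg-open\n"  # header named in the message


def is_trusted(path, trusted_uid=0):
    """Simplified rule (assumption): owned by root, or user-executable."""
    st = os.stat(path)
    return st.st_uid == trusted_uid or bool(st.st_mode & stat.S_IXUSR)


def make_executable(path):
    """Step 1: prepend the shebang if absent. Step 2: chmod u+x."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path, "rb") as src:
        if src.read(2) != b"#!":
            src.seek(0)
            # Temp file in the same directory, so os.replace() is an atomic
            # rename; this stands in for KSaveFile.
            fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
            try:
                with os.fdopen(fd, "wb") as dst:
                    dst.write(SHEBANG)
                    shutil.copyfileobj(src, dst)  # chunked copy of the body
                    dst.flush()
                    os.fsync(dst.fileno())
                os.chmod(tmp, mode)  # keep the original permission bits
                os.replace(tmp, path)
            except BaseException:
                os.unlink(tmp)
                raise
    os.chmod(path, mode | stat.S_IXUSR)


def demo():
    """Run both steps on a constructed .desktop file; return what changed."""
    other_uid = os.getuid() + 1  # a uid that does not own the sample file
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "foo.desktop")
        with open(path, "wb") as f:  # constructed sample input
            f.write(b"[Desktop Entry]\nType=Application\nExec=true\n")
        os.chmod(path, 0o644)
        before = is_trusted(path, other_uid)
        make_executable(path)
        with open(path, "rb") as f:
            data = f.read()
        return before, is_trusted(path, other_uid), data
```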
<p style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; -qt-user-state:0;"><br></p>[1] http://purinchu.net/dumping-ground/krun2.png</p></body></html>