<table><tr><td style="">davidedmundson added a comment.
</td><a style="text-decoration: none; padding: 4px 8px; margin: 0 8px 8px; float: right; color: #464C5C; font-weight: bold; border-radius: 3px; background-color: #F7F7F9; background-image: linear-gradient(to bottom,#fff,#f1f0f1); display: inline-block; border: 1px solid rgba(71,87,120,.2);" href="https://phabricator.kde.org/D22571">View Revision</a></tr></table><br /><div><div><blockquote style="border-left: 3px solid #a7b5bf; color: #464c5c; font-style: italic; margin: 4px 0 12px 0; padding: 4px 12px; background-color: #f8f9fc;"><p>Can we put some enforcement on the desktop file like requiring that it is root owned?</p></blockquote>

<p>Urgh, please no.</p>

<p>At most maybe we can check the location matches kwin's install_prefix.</p></div></div><br /><div><strong>INLINE COMMENTS</strong><div><div style="margin: 6px 0 12px 0;"><div style="border: 1px solid #C7CCD9; border-radius: 3px;"><div style="padding: 0; background: #F7F7F7; border-color: #e3e4e8; border-style: solid; border-width: 0 0 1px 0; margin: 0;"><div style="color: #74777d; background: #eff2f4; padding: 6px 8px; overflow: hidden;"><a style="float: right; text-decoration: none;" href="https://phabricator.kde.org/D22571#inline-127557">View Inline</a><span style="color: #4b4d51; font-weight: bold;">wayland_server.cpp:219</span></div>
<div style="font: 11px/15px "Menlo", "Consolas", "Monaco", monospace; white-space: pre-wrap; clear: both; padding: 4px 0; margin: 0;"><div style="padding: 0 8px; margin: 0 4px; background: rgba(151, 234, 151, .6);">        <span class="p">}</span>
</div><div style="padding: 0 8px; margin: 0 4px; background: rgba(151, 234, 151, .6);">        <span style="color: #aa4000">return</span> <span class="n">QByteArray</span><span class="p">();</span>
</div><div style="padding: 0 8px; margin: 0 4px; background: rgba(151, 234, 151, .6);">    <span class="p">}</span>
</div></div></div>
<div style="margin: 8px 0; padding: 0 12px;"><p style="padding: 0; margin: 8px;">Can you make us fail if both return an empty byte array.</p></div></div><br /><div style="border: 1px solid #C7CCD9; border-radius: 3px;"><div style="padding: 0; background: #F7F7F7; border-color: #e3e4e8; border-style: solid; border-width: 0 0 1px 0; margin: 0;"><div style="color: #74777d; background: #eff2f4; padding: 6px 8px; overflow: hidden;"><a style="float: right; text-decoration: none;" href="https://phabricator.kde.org/D22571#inline-127553">View Inline</a><span style="color: #4b4d51; font-weight: bold;">wayland_server.cpp:227</span></div>
<div style="font: 11px/15px "Menlo", "Consolas", "Monaco", monospace; white-space: pre-wrap; clear: both; padding: 4px 0; margin: 0;"><div style="padding: 0 8px; margin: 0 4px; background: rgba(151, 234, 151, .6);">    <span class="n">QStringList</span> <span class="n">fetchRequestedInterfaces</span><span class="p">(</span><span class="n">KWayland</span><span style="color: #aa2211">::</span><span class="n">Server</span><span style="color: #aa2211">::</span><span class="n">ClientConnection</span> <span style="color: #aa2211">*</span> <span class="n">client</span><span class="p">)</span> <span style="color: #aa4000">const</span> <span class="p">{</span>
</div><div style="padding: 0 8px; margin: 0 4px; background: rgba(151, 234, 151, .6);">        <span style="color: #aa4000">const</span> <span style="color: #aa4000">auto</span> <span class="n">serviceQuery</span> <span style="color: #aa2211">=</span> <span class="n">QStringLiteral</span><span class="p">(</span><span style="color: #766510">"exist Exec and exist [X-KDE-Wayland-Interfaces] and ('%1' =~ Exec or '%2' =~ Exec)"</span><span class="p">).</span><span class="n">arg</span><span class="p">(</span><span class="n">client</span><span style="color: #aa2211">-></span><span class="n">executablePath</span><span class="p">(),</span> <span class="n">QFileInfo</span><span class="p">(</span><span class="n">client</span><span style="color: #aa2211">-></span><span class="n">executablePath</span><span class="p">()).</span><span class="n">fileName</span><span class="p">());</span>
</div><div style="padding: 0 8px; margin: 0 4px; background: rgba(151, 234, 151, .6);">        <span style="color: #aa4000">const</span> <span style="color: #aa4000">auto</span> <span class="n">servicesFound</span> <span style="color: #aa2211">=</span> <span class="n">KServiceTypeTrader</span><span style="color: #aa2211">::</span><span class="n">self</span><span class="p">()</span><span style="color: #aa2211">-></span><span class="n">query</span><span class="p">(</span><span class="n">QStringLiteral</span><span class="p">(</span><span style="color: #766510">"Application"</span><span class="p">),</span> <span class="n">serviceQuery</span><span class="p">);</span>
</div></div></div>
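<p style="padding: 0; margin: 8px;">Review bot: in the serviceQuery line, client->executablePath() and its file name are interpolated into the trader query inside single quotes via .arg() with no escaping, so an executable whose path contains a single quote (or other characters the query parser treats specially) changes the meaning of the query; since the client picks its own path, either escape the values before building the string or compare the paths in C++ after fetching the candidate services instead of pushing client-controlled text into the query.</p>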
<div style="margin: 8px 0; padding: 0 12px;"><p style="padding: 0; margin: 8px;">This doesn't protect against the attack of just having a binary called /tmp/plasmashell without a container.</p>

<p style="padding: 0; margin: 8px;">We'll match the executablePath.fileName</p>

<p style="padding: 0; margin: 8px;">Then compare that /tmp/plasmashell matched /tmp/plasmashell</p>

<p style="padding: 0; margin: 8px;">We want to compare /proc/PID/root/ + client->executablePath()<br />
against QStandardPaths::findExecutable(servicesFound.exec())</p>

<p style="padding: 0; margin: 8px;">?</p></div></div></div></div></div><br /><div><strong>REPOSITORY</strong><div><div>R108 KWin</div></div></div><br /><div><strong>REVISION DETAIL</strong><div><a href="https://phabricator.kde.org/D22571">https://phabricator.kde.org/D22571</a></div></div><br /><div><strong>To: </strong>apol, Plasma, KWin<br /><strong>Cc: </strong>graesslin, davidedmundson, kwin, LeGast00n, fmonteiro, sbergeron, jraleigh, fbampaloukas, GB_2, mkulinski, ragreen, jackyalcine, Pitel, iodelay, crozbo, bwowk, ZrenBot, ngraham, alexeymin, himcesjf, lesliezhai, ali-mohamed, hardening, jensreuterberg, abetts, sebas, apol, mart<br /></div>
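<div><p>An added example, not KWin's code and not part of this review, contrasting the filename-only match that the inline comment above objects to with the stronger comparison it proposes (the client's executable seen through /proc/PID/root must be the same file that PATH resolution of the service's Exec yields). It uses a constructed fake filesystem mapping paths to a stat-style identity in place of real /proc and PATH lookups, a first-token/basename comparison standing in for the trader query, and the hypothetical names weakMatch, strongMatch and findExecutable:</p></div>

```cpp
// Added illustration (not KWin's code): weak vs. strong matching of a Wayland
// client's executable against the Exec of a .desktop file.
#include <iostream>
#include <map>
#include <string>
#include <vector>

// Constructed fake filesystem: path -> file identity. In a real implementation
// this would be (st_dev, st_ino) from stat(); the table below is sample data.
using FakeFs = std::map<std::string, std::string>;

// Assumed PATH used for the stand-in findExecutable().
const std::vector<std::string> kPath = {"/usr/local/bin", "/usr/bin"};

std::string baseName(const std::string& path) {
    const auto slash = path.rfind('/');
    return slash == std::string::npos ? path : path.substr(slash + 1);
}

// First token of an Exec= value ("plasmashell %u" -> "plasmashell").
std::string execName(const std::string& serviceExec) {
    return serviceExec.substr(0, serviceExec.find(' '));
}

// Weak check, modelled on the reviewed query: the full path OR just the file
// name of the client's executable has to match Exec. /tmp/plasmashell passes.
bool weakMatch(const std::string& clientExe, const std::string& serviceExec) {
    const std::string name = execName(serviceExec);
    return name == clientExe || name == baseName(clientExe);
}

// Stand-in for QStandardPaths::findExecutable(): absolute Exec is taken as-is
// if it exists, otherwise the first PATH entry containing the name wins.
std::string findExecutable(const std::string& serviceExec,
                           const std::vector<std::string>& pathDirs,
                           const FakeFs& fs) {
    const std::string name = execName(serviceExec);
    if (!name.empty() && name[0] == '/') {
        return fs.count(name) ? name : std::string();
    }
    for (const auto& dir : pathDirs) {
        const std::string candidate = dir + "/" + name;
        if (fs.count(candidate)) return candidate;
    }
    return std::string();
}

// Strong check from the review: /proc/PID/root + client executable path must
// be the same file (same identity) as the resolved Exec of the service.
bool strongMatch(int pid, const std::string& clientExe,
                 const std::string& serviceExec,
                 const std::vector<std::string>& pathDirs, const FakeFs& fs) {
    const std::string procRoot = "/proc/" + std::to_string(pid) + "/root";
    const std::string resolved = findExecutable(serviceExec, pathDirs, fs);
    if (resolved.empty()) return false;  // no such installed binary: refuse
    const auto client = fs.find(procRoot + clientExe);
    const auto service = fs.find(resolved);
    return client != fs.end() && service != fs.end() &&
           client->second == service->second;
}

// Constructed sample: pid 1000 is the real plasmashell, pid 2000 is an
// impostor named /tmp/plasmashell, pid 3000 runs in a container with its own
// /usr/bin/plasmashell (a different file, hence a different identity).
FakeFs sampleFs() {
    return {
        {"/usr/bin/plasmashell", "dev1:ino42"},
        {"/proc/1000/root/usr/bin/plasmashell", "dev1:ino42"},
        {"/proc/2000/root/tmp/plasmashell", "dev1:ino9001"},
        {"/proc/3000/root/usr/bin/plasmashell", "dev7:ino42"},
    };
}

int main() {
    const FakeFs fs = sampleFs();
    const std::string exec = "plasmashell %u";
    std::cout << "weak   /tmp/plasmashell      : " << weakMatch("/tmp/plasmashell", exec) << '\n';
    std::cout << "strong pid 1000 /usr/bin     : " << strongMatch(1000, "/usr/bin/plasmashell", exec, kPath, fs) << '\n';
    std::cout << "strong pid 2000 /tmp         : " << strongMatch(2000, "/tmp/plasmashell", exec, kPath, fs) << '\n';
    std::cout << "strong pid 3000 container    : " << strongMatch(3000, "/usr/bin/plasmashell", exec, kPath, fs) << '\n';
    return 0;
}
```

<div><p>The weak check accepts the impostor because only the base name is compared; the strong check rejects it, and also rejects a client whose binary lives in another mount namespace, which is the tightening the comment asks for. With real stat() identities a bind-mounted copy of the same file would still pass, while a binary merely copied into a sandbox would not.</p></div>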