[PATCH] .desktop security ++
Michael Pyne
mpyne at purinchu.net
Sat Feb 21 05:36:38 GMT 2009
Hi all,
I've implemented the auto-exec-bit-ifying of .desktop files in KRun and made
the changes suggested in the last couple of threads, including using owned-by-
root as an exception as originally discussed instead of merely "not writable
by user".
Currently the work is in 3 patches (all attached):
The first patch changes KDesktopFile::isAuthorizedDesktopFile() to include the
extra restrictions that we're placing on .desktop files. This should be
applied first as the remaining patches both require this change.
The second patch implements security by not allowing klauncher to launch a
.desktop file that doesn't meet the criteria given by
KDesktopFile::isAuthorizedDesktopFile() (a fairly large change from my first
submission, but all that's happened is the logic is defined in KDesktopFile
instead of being duplicated).
The third patch is against KRun, and implements the auto +x. This _needs
review_; it was basically all written today after I got home from work (which
included running 5K in shorts while it was 1 C outside, so it was a rough day
;)
The idea is to pop up a nice dialog [1] giving the user a readable description of
what the problem is. A Details button is supposed to be included which
contains the Exec= line, but it isn't working for some reason. Also the amount of
text buys us into the dreaded Qt layout vs. X11 bug, the effects of which I've
tried to minimize. On that note, I'm game for better ways to phrase this
dialog; it doesn't seem efficient somehow.
Assuming the user clicks on continue, the file is made executable by doing 2
things:
1. Add a #!/usr/bin/env xdg-open (if #! is not already present)
   - This is done by using KSaveFile, by writing the header and then dumping the
     .desktop file contents below it. I'm not really happy about manually moving
     bytes around (especially as v1 in my testing today had an infinite loop), but I
     don't trust readAll()/write() for library code. Please look at this to make
     sure I've done it right.
2. chmod u+x /path/to/foo.desktop (this was simpler ;)
Assuming everything proceeded swimmingly, the .desktop file is then immediately
launched.
Is there anything I'm missing here now? Please let me know, otherwise I'd
like to know if there are objections to committing on Sunday.
Regards,
- Michael Pyne
[1] http://purinchu.net/dumping-ground/krun2.png
Attachments (text/x-patch):
- brouhaha-001-kdesktopfile.patch (1638 bytes): <http://mail.kde.org/pipermail/kde-core-devel/attachments/20090221/f4a342d3/attachment.bin>
- brouhaha-002-klauncher.patch (1122 bytes): <http://mail.kde.org/pipermail/kde-core-devel/attachments/20090221/f4a342d3/attachment-0001.bin>
- brouhaha-003-krun-autoexec.patch (7817 bytes): <http://mail.kde.org/pipermail/kde-core-devel/attachments/20090221/f4a342d3/attachment-0002.bin>
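The trust check and the two-step "make executable" procedure described in the mail, as an added example that is not part of Michael's patches or of KDE's code: it is Python mirroring the logic (executable bit, or root-owned as the exception; prepend the xdg-open shebang via write-to-temp-and-rename, then chmod u+x) rather than calling the KRun/KDesktopFile C++ API, and the function names and the sample .desktop file built by `demo()` are this example's own.

```python
import os
import stat
import tempfile

XDG_HEADER = b"#!/usr/bin/env xdg-open\n"


def is_authorized_desktop_file(path):
    """Trust rule as the mail describes it: user executable bit set, or owned by root."""
    st = os.stat(path)
    return st.st_uid == 0 or bool(st.st_mode & stat.S_IXUSR)


def make_desktop_file_executable(path):
    """After the user clicks Continue: prepend the xdg-open shebang (unless a
    '#!' line exists), writing a temp file and renaming it over the original
    (the KSaveFile pattern, so a crash never leaves a half-written file),
    then chmod u+x. Returns True if a header was added."""
    st = os.stat(path)
    with open(path, "rb") as f:
        contents = f.read()
    added = not contents.startswith(b"#!")
    if added:
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
        try:
            with os.fdopen(fd, "wb") as out:
                out.write(XDG_HEADER + contents)
            os.chmod(tmp, stat.S_IMODE(st.st_mode))  # keep the original mode bits
            os.replace(tmp, path)  # atomic rename on POSIX
        except BaseException:
            os.unlink(tmp)
            raise
    os.chmod(path, stat.S_IMODE(os.stat(path).st_mode) | stat.S_IXUSR)
    return added


def demo():
    """Constructed sample: a freshly downloaded .desktop file, mode 0644, not root-owned."""
    sample = b"[Desktop Entry]\nType=Application\nName=Demo\nExec=/bin/true\n"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "demo.desktop")
        with open(path, "wb") as f:
            f.write(sample)
        os.chmod(path, 0o644)
        before = is_authorized_desktop_file(path)
        added = make_desktop_file_executable(path)
        added_again = make_desktop_file_executable(path)  # second run is a no-op
        with open(path, "rb") as f:
            result = f.read()
        after = is_authorized_desktop_file(path)
    return {"root": os.geteuid() == 0, "before": before, "after": after,
            "added": added, "added_again": added_again,
            "body_preserved": result == XDG_HEADER + sample}
```

Run as root the file is trusted before any change (the root-owned exception), which is why `demo()` reports whether it ran as root.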