[kde-linux] Program Warning Messages
Duncan
1i5t5.duncan at cox.net
Tue Mar 23 04:22:48 UTC 2010
Kevin Krammer posted on Mon, 22 Mar 2010 20:59:31 +0100 as excerpted:
> On Monday, 2010-03-22, David Baron wrote:
>> I finally got my daughter's account going in kde4.4. Copied her .kde3 to
>> .kde and logged on. Eventually, she had a desktop. Set her up with the
>> desktop folder containment and all her icons are there.
>>
>> Whenever she clicks one, say to play the selected game, a box comes up
>> confirming whether the selected program can be trusted. I never saw
>> this on any other user, kde3, kde4, nothing.
>>
>> How do I get rid of this?
>
> I think this is an additional security measure [1] when .desktop files
> are "run" but don't have the executable bit set.
>
> So this should be solvable by changing these files' properties to have
> the "x" bit set.
>
> Cheers,
> Kevin
>
> [1] there has been a lengthy discussion around this topic on the main
> freedesktop.org list some time ago.
> Basically the problem is that .desktop files were originally intended to
> be used by starter menu implementation and then got used for desktop
> icons/links as well due to the similar requirements.
>
> Unfortunately "running" .desktop files did not require the executable
> bit to be set and since they can run any command they could be used to
> easily trick people into running bad things.
>
> Thus the additional warning but not requiring executable bit for
> compatibility (this might be changed in the future)

Thanks, Kevin.

Someone else had posted a question about that a few months ago, and I
remembered that it was security issue related, but couldn't remember the
details, so all I could do was mention that it was a security issue and
suggest that they google. At least I was able to point them in the right
direction, but not much more.

Your post refreshed my memory.

A bit more detail, now that I remember it... The issue is one of
indirection, and that it's quite easy to associate any random icon and any
random action with any particular *.desktop icon, and the fact that the
directories in question are user writable.

In theory, it could be possible under some circumstances to place a
*.desktop file with some relatively innocuous but common icon (say...
firefox), but linked to some anything-but-innocuous action, say...
rm -rf .* (which run as a user won't delete the entire system as it could
if run as root, but deleting all of a user's home dir could be considered
as bad, as a system can be reinstalled, but unless the user has
backups...).

The argument was that the command line in a *.desktop file is in reality
executed, much like a one-line script, that as such, they should require
the executable bit set, and that the fact that any old icon can be
associated with them makes the problem worse. Requiring the executable
bit to "run" them isn't a lot of protection, but people are used to
being a bit more cautious with executables than with data files, which is
what these were treated as, before.

System desktop files, as one might find them under /usr/share, for
instance, are a bit different in that normally they can only be written as
root, and if root or system installed packages are compromised, whether
*.desktop files are executable or not is the least of one's worries.

--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman
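
An added example, not part of the original thread: a Python sketch that lists the launchers in a directory that have an Exec line but no executable bit, putting icon and command side by side so they can be reviewed before the "x" bit is set. The sample files, the `example-command` path and the function names are constructed for illustration; in practice `audit` would be pointed at the user's desktop folder.

```python
import os
import stat
import tempfile
from pathlib import Path


def parse_entry(path):
    """Return Name, Icon and Exec from the [Desktop Entry] group of a .desktop file."""
    fields, in_group = {}, False
    for raw in Path(path).read_text(encoding="utf-8", errors="replace").splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_group = line == "[Desktop Entry]"
        elif in_group and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            if key.strip() in ("Name", "Icon", "Exec"):
                fields.setdefault(key.strip(), value.strip())
    return fields


def audit(directory):
    """List launchers in `directory` that carry an Exec line but lack the owner x bit."""
    findings = []
    for path in sorted(Path(directory).glob("*.desktop")):
        entry = parse_entry(path)
        executable = bool(path.stat().st_mode & stat.S_IXUSR)
        if "Exec" in entry and not executable:
            findings.append((path.name, entry.get("Icon", ""), entry["Exec"]))
    return findings


def build_sample_dir():
    """Constructed sample data: one launcher without the x bit, one with it."""
    root = Path(tempfile.mkdtemp())
    for name, mode in (("game.desktop", 0o644), ("editor.desktop", 0o755)):
        target = root / name
        target.write_text("[Desktop Entry]\nType=Application\nName=Sample\n"
                          "Icon=firefox\nExec=/usr/bin/example-command %U\n")
        os.chmod(target, mode)
    return root


if __name__ == "__main__":
    # Each line shows what the icon claims to be next to what would actually run.
    for name, icon, command in audit(build_sample_dir()):
        print(f"{name}: icon={icon!r} runs {command!r}")
```

Only the files it reports need a look; once the Exec line matches what the icon claims, `chmod +x` on that file is the change Kevin describes.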