Exec in .desktop (was Re: Security issue with .desktop files revisited)

Francois Gouget fgouget at codeweavers.com
Fri Apr 7 11:37:09 EEST 2006 

Hi,

Vincent Untz wrote:
[...]
>>>>Not even. First KDE, at least, lets you specify multiple commands
>>>>separated by semi-colon so you could drop the 'sh -c':
>>>>
>>>>Exec=/usr/X11R6/bin/xeyes;/usr/X11R6/bin/xeyes
>>>
>>>Wow. Does the spec allow this?

Ok, I've found it again:

  * the Desktop Entry Specification says:
    http://standards.freedesktop.org/desktop-entry-spec/latest/ar01s03.html

 > Some keys can have multiple values; these should be separated by a
 > semicolon. Those keys which have several values should have a
 > semicolon as the trailing character. Semicolons in these values need
 > to be escaped using \;.

In practice I find that keys that have several values rarely have a 
trailing ';' but that's not relevant here. What's relevant is that it 
does not say that regular strings are not allowed to contain a 
semi-colon. On the contrary:

  * the Desktop Entry Specification says that the Exec field value is 
'string'.
http://standards.freedesktop.org/desktop-entry-spec/latest/ar01s04.html

    and

 > Values of type string may contain all ASCII characters except for
 > control characters.

    So there is no restriction about ';', '|', '&', etc.

  * finally, about the Exec field it says:
    http://standards.freedesktop.org/desktop-entry-spec/latest/ar01s06.html

 > The escaping of the exec parameters is done in the way the mailcap
 > specification describes. Take a look at RFC 1524  for more
 > information.

  * so I looked at RFC 1524 but I did not find the word 'escap*' 
anywhere in it. However I believe that what the Desktop Entry 
Specification meant was that the 'Semantics of executable commands' 
section applies to the Exec field. That section says:
    http://www.ietf.org/rfc/rfc1524.txt

 > On a UNIX system, such commands will each be a full shell command
 > line, including the path name for a program and its arguments.
 > (Because of differences in shells and the implementation and behavior
 > of the same shell from one system to another, it is specified that
 > the command line be intended as input to the Bourne shell, i.e., that
 > it is implicitly preceded by "/bin/sh -c " on the command line.)


So from that I deduce that it is legal to use the following in the Exec 
field:

Exec=command1;command2 || command3

And that it will behave like

sh -c "command1;command2 || command3"


But I might be wrong in how I understand the RFC 1524 to apply to the 
Desktop Entry Specification. It is quite ambiguous there. In particular 
the 'Semantics of executable commands' also says that if there is no 
'%s' on the command line, then the content of the file will be passed 
through stdin and I doubt that part to apply to the Desktop Entry 
Specification...


-- 
Francois Gouget
fgouget at codeweavers.com

More information about the xdg mailing list