Exec in .desktop (was Re: Security issue with .desktop files revisited)
Francois Gouget
fgouget at codeweavers.com
Fri Apr 7 11:37:09 EEST 2006
Hi,
Vincent Untz wrote:
[...]
>>>>Not even. First KDE, at least, lets you specify multiple commands
>>>>separated by semi-colon so you could drop the 'sh -c':
>>>>
>>>>Exec=/usr/X11R6/bin/xeyes;/usr/X11R6/bin/xeyes
>>>
>>>Wow. Does the spec allow this?
Ok, I've found it again:
* the Desktop Entry Specification says:
http://standards.freedesktop.org/desktop-entry-spec/latest/ar01s03.html
> Some keys can have multiple values; these should be separated by a
> semicolon. Those keys which have several values should have a
> semicolon as the trailing character. Semicolons in these values need
> to be escaped using \;.
In practice I find that keys that have several values rarely have a
trailing ';' but that's not relevant here. What's relevant is that it
does not say that regular strings are not allowed to contain a
semi-colon. On the contrary:
* the Desktop Entry Specification says that the Exec field value is
'string'.
http://standards.freedesktop.org/desktop-entry-spec/latest/ar01s04.html
and
> Values of type string may contain all ASCII characters except for
> control characters.
So there is no restriction about ';', '|', '&', etc.
* finally, about the Exec field it says:
http://standards.freedesktop.org/desktop-entry-spec/latest/ar01s06.html
> The escaping of the exec parameters is done in the way the mailcap
> specification describes. Take a look at RFC 1524 for more
> information.
* so I looked at RFC 1524 but I did not find the word 'escap*'
anywhere in it. However I believe that what the Desktop Entry
Specification meant was that the 'Semantics of executable commands'
section applies to the Exec field. That section says:
http://www.ietf.org/rfc/rfc1524.txt
> On a UNIX system, such commands will each be a full shell command
> line, including the path name for a program and its arguments.
> (Because of differences in shells and the implementation and behavior
> of the same shell from one system to another, it is specified that
> the command line be intended as input to the Bourne shell, i.e., that
> it is implicitly preceded by "/bin/sh -c " on the command line.)
So from that I deduce that it is legal to use the following in the Exec
field:
Exec=command1;command2 || command3
And that it will behave like
sh -c "command1;command2 || command3"
But I might be wrong in how I understand the RFC 1524 to apply to the
Desktop Entry Specification. It is quite ambiguous there. In particular
the 'Semantics of executable commands' also says that if there is no
'%s' on the command line, then the content of the file will be passed
through stdin and I doubt that part to apply to the Desktop Entry
Specification...
--
Francois Gouget
fgouget at codeweavers.com
More information about the xdg
mailing list