Security issue with .desktop files revisited

Joe Baker joebaker at dcresearch.com
Tue Apr 11 02:58:24 EEST 2006


Waldo Bastian wrote:
> On Tuesday 28 March 2006 11:27, Francois Gouget wrote:
>   
>> Mike Hearn wrote:
>> [...]
>>
>>     
>>> To reiterate, the security problem here is that something which is a
>>> program can make itself look like a document by using a .desktop file.
>>>       
>> Right, that was the initial problem. But your proposals to use the +x
>> permission bit to fix it creates a lot more security issues that they
>> fix. Claiming they are unrelated is ridiculous.
>>
>>     
>>> The fact that +x bits have some other meaning for shell scripts and
>>>
>>>       
>>  > ELF files isn't related .....
>>
>> The meaning of the +x bit is defined by the exec() Unix system call. It
>> does not matter to that system call whether the file is a shell script,
>> an ELF binary or a desktop file. You can say what you want, it *is*
>> related.
>>
>> When considering security issues you must always consider the whole
>> system, not just the one small aspect you are interested in. Failure to
>> do so results in opening more security holes than you plug.
>>     
>
> I think it's a sane idea to require +x on .desktop files in order for a file 
> browser or "Desktop" to execute the .desktop file. It shouldn't be too much 
> of a problem to add a #!/usr/bin/xdg-open line to the format either, although 
> it my take a while before applications actually start to add that.
>   
What about when the KDE desktop is deployed on top of a FAT32 filesystem
which doesn't allow for UNIX style file attributes?  The desktop system
introduced this vulnerability, it should close it within it's own
architecture.
Also what about systems where the user's home directory is mounted with
the noexec option? 

-Joe Baker




More information about the xdg mailing list