relative paths in Exec= in .desktop and .service files

Thiago Macieira thiago at kde.org
Wed Sep 10 14:24:37 PDT 2014 

On Wednesday 10 September 2014 12:31:44 Jon Watte wrote:
> > I also fail to see how having a token is any better than declaring
> > relative
> > paths to be searched from $PWD. Can you shed more light on this
> > suggestion?
> 
> $PWD is something that a user or administrator may change for many
> different reasons, not to mention it's different per-user. Relying on this
> for dbus invocation may lead to all kinds of hard-to-debug surprises and
> perhaps open up attack vectors.

That's exactly what I suggested we *not* do.

I suggested that it be relative to where the .desktop file is. That means all 
applications and all users accessing the same .desktop file will have the same 
behaviour.

I misspoke when I said $PWD. I was probably thinking of qmake project files, 
where $$PWD expands to "directory where I found the project file".

> Tying yet-another-thing into that same environment value means that you tie
> more opportunities for failure into a thing users typically fiddle with.
> If the goal is to support alternative or non-standard or isolated installs
> of dbus, then having one place that defines what "search start" means FOR
> THAT INSTALL would be the most robust and secure solution,.
> On Windows, that might be a registry value that is specific to dbus.
> On Linux, that could be a symlink in /etc/alternatives, for example. (This
> is an illustrative example, not a soup-to-nuts considered proposal)
> 
> However, I think the system would be simpler and more secure if relative
> search just didn't exist. If the only actual, needed-right-now, reason to
> introduce relative search is for Windows support, then I don't think that
> use case is important enough to relax the potential security and complexify
> the implementation and administration.

Does this clarification change your answer?

Because I don't see how this suggestion adds a security issue.
-- 
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
   Software Architect - Intel Open Source Technology Center
      PGP/GPG: 0x6EF45358; fingerprint:
      E067 918B B660 DBD1 105C  966C 33F5 F005 6EF4 5358

More information about the xdg mailing list