[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-core-devel
Subject: Update on progress [PATCH]
From: Michael Pyne <mpyne () purinchu ! net>
Date: 2009-02-20 5:02:40
Message-ID: 200902200002.45047.mpyne () purinchu ! net
[Download RAW message or body]
[Attachment #2 (multipart/mixed)]
[Attachment #4 (multipart/alternative)]
On Wednesday 18 February 2009, Michael Pyne wrote:
> Standing by for comments (although it will be some hours before I'm online
> again most likely).
So far I have the outstanding request to call i18n() only once in the event of
an error which I still need to change.
I've been working on KRun today (in kio) based on some discussion on IRC with
dfaure as to where best to add the feature to make a file executable. My
current work is attached as 2 patches. It compiles but is untested as I need
to be awake in 6 hours for work.
First patch is against kdecore's KDesktopFile to make the
isAuthorizedDesktopFile static method reflect the criteria used in my first
patch against klauncher in addition to Kiosk (which means I will probably
alter my first patch to simply call KDesktopFile::isAuthorizedDesktopFile),
since this code is used by KRun and was already mostly identical.
KDesktopFile::isAuthorizedDesktopFile used to always allow desktop files on
the user's Desktop, which is what we're trying to avoid now.... ;)
The second patch (fix-desktop-file-security-2) adds the ability to make the
file executable and continue automatically (if the reason execution was
forbidden wasn't due to Kiosk, that is). I'm using a KMessageBox with a
details button. I think the text is kind of clumsy but I'm very tired right
now and can't think of anything better. :)
Again, I haven't been able to test yet, if someone does make a KRun testcase
I'd appreciate screenshots so we can see what it look like, otherwise I will
do so tomorrow when I get off of work and doing chores from my wife. ;)
Still missing is actually tying all of this into the file view used by Konq,
Dolphin, and Folder View, which all still ends up in klauncher since I
apparently have not covered all the possibilities in KRun. But I'd appreciate
feedback on what I've got so far.
Regards,
- Michael Pyne
[Attachment #7 (text/html)]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" \
"http://www.w3.org/TR/REC-html40/strict.dtd"><html><head><meta name="qrichtext" \
content="1" /><style type="text/css">p, li { white-space: pre-wrap; \
}</style></head><body style=" font-family:'Consolas'; font-size:11pt; \
font-weight:400; font-style:normal;">On Wednesday 18 February 2009, Michael Pyne \
wrote:<br> > Standing by for comments (although it will be some hours before I'm \
online<br> > again most likely).<br>
<p style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; \
margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; \
-qt-user-state:0;"><br></p>So far I have the outstanding request to call i18n() only \
once in the event of an error which I still need to change.<br> <p \
style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; margin-left:0px; \
margin-right:0px; -qt-block-indent:0; text-indent:0px; \
-qt-user-state:0;"><br></p>I've been working on KRun today (in kio) based on some \
discussion on IRC with dfaure as to where best to add the feature to make a file \
executable. My current work is attached as 2 patches. It compiles but is untested \
as I need to be awake in 6 hours for work.<br> <p style="-qt-paragraph-type:empty; \
margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; \
-qt-block-indent:0; text-indent:0px; -qt-user-state:0;"><br></p>First patch is \
against kdecore's KDesktopFile to make the isAuthorizedDesktopFile static method \
reflect the criteria used in my first patch against klauncher in addition to Kiosk \
(which means I will probably alter my first patch to simply call \
KDesktopFile::isAuthorizedDesktopFile), since this code is used by KRun and was \
already mostly identical. KDesktopFile::isAuthorizedDesktopFile used to always allow \
desktop files on the user's Desktop, which is what we're trying to avoid now.... \
;)<br> <p style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; \
margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; \
-qt-user-state:0;"><br></p>The second patch (fix-desktop-file-security-2) adds the \
ability to make the file executable and continue automatically (if the reason \
execution was forbidden wasn't due to Kiosk, that is). I'm using a KMessageBox with \
a details button. I think the text is kind of clumsy but I'm very tired right now \
and can't think of anything better. :)<br> <p style="-qt-paragraph-type:empty; \
margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; \
-qt-block-indent:0; text-indent:0px; -qt-user-state:0;"><br></p>Again, I haven't been \
able to test yet, if someone does make a KRun testcase I'd appreciate screenshots so \
we can see what it look like, otherwise I will do so tomorrow when I get off of work \
and doing chores from my wife. ;)<br> <p style="-qt-paragraph-type:empty; \
margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; \
-qt-block-indent:0; text-indent:0px; -qt-user-state:0;"><br></p>Still missing is \
actually tying all of this into the file view used by Konq, Dolphin, and Folder View, \
which all still ends up in klauncher since I apparently have not covered all the \
possibilities in KRun. But I'd appreciate feedback on what I've got so far.<br> <p \
style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; margin-left:0px; \
margin-right:0px; -qt-block-indent:0; text-indent:0px; \
-qt-user-state:0;"><br></p>Regards,<br>
- Michael Pyne</p></body></html>
["fix-desktop-file-security-2.patch" (text/x-patch)]
Index: krun.cpp
===================================================================
--- krun.cpp (revision 928198)
+++ krun.cpp (working copy)
@@ -44,6 +44,7 @@
#include "kfile/krecentdocument.h"
#include "kdesktopfileactions.h"
+#include <kauthorized.h>
#include <kmessageboxwrapper.h>
#include <kurl.h>
#include <kglobal.h>
@@ -65,6 +66,9 @@
#include <QTextDocument>
#include <kde_file.h>
#include <kconfiggroup.h>
+#include <kdialog.h>
+#include <kstandardguiitem.h>
+#include <kguiitem.h>
#ifdef Q_WS_X11
#include <kwindowsystem.h>
@@ -684,15 +688,83 @@
return urls;
}
+// Helper function to make a .desktop file executable if prompted by the user.
+// returns true if KRun::run() should continue with execution, false if user declined
+// to make the file executable or we failed to make it executable.
+static bool makeServiceExecutable( const KService& service, QWidget* window )
+{
+ if (!KAuthorized::authorize("run_desktop_files"))
+ {
+ kWarning() << "No authorization to execute " << service.entryPath();
+ KMessageBox::sorry( window, i18n("You are not authorized to execute this service.") );
+ return false; // Don't circumvent the Kiosk
+ }
+
+ QString serviceName = service.genericName();
+ if (serviceName.isEmpty())
+ serviceName = service.desktopEntryName();
+ QString continueStr = i18n("Make service executable and continue");
+
+ QString warningMessage = i18n("You are trying to run the service %1, but it is not "
+ "marked as an executable program. This may be a mistake in the system "
+ "configuration, but could also be an attempt at running a malicious program.\n\n"
+ "If you created this service then click %2 to mark the service as executable. "
+ "If you downloaded this service or if you are unsure then you should probably "
+ "cancel the service.", serviceName, continueStr);
+
+ QString details = i18n("This service will run the following command: %1", service.exec() );
+
+ KGuiItem continueItem = KStandardGuiItem::cont();
+ continueItem.setText( continueStr );
+
+ // We want to be able to provide the details window but only "sorry" message boxes have
+ // a static method so we need to use createKMessageBox, which means we need to provide
+ // the KDialog. We'll change the Continue to have a more descriptive button but otherwise
+ // be the standard continue button.
+
+ KDialog *baseDialog = new KDialog( window );
+ baseDialog->setButtons( KDialog::Ok | KDialog::Cancel );
+ baseDialog->setButtonGuiItem( KDialog::Ok, continueItem );
+ baseDialog->setDefaultButton( KDialog::NoDefault );
+
+ if (KMessageBox::createKMessageBox(
+ baseDialog, QMessageBox::Warning, warningMessage, QStringList(), QString(), 0 /* bool* */,
+ 0 /* no options */, details ) == KDialog::Cancel)
+ {
+ return false;
+ }
+
+ // Assume that service is an absolute path since we're being called (relative paths
+ // would have been allowed unless Kiosk said no, therefore we already know where the
+ // .desktop file is.
+
+ QFile::Permissions perms = QFile::permissions( service.entryPath() );
+
+ // corresponds to owner on unix, which will have to do since if the user isn't the owner
+ // we can't change perms anyways.
+ perms |= QFile::ExeUser;
+
+ if (!QFile::setPermissions( service.entryPath(), perms ))
+ {
+ KMessageBox::sorry(
+ window,
+ i18n("Unable to make the service %1 executable, aborting execution", serviceName)
+ );
+
+ return false;
+ }
+
+ return true;
+}
+
bool KRun::run( const KService& _service, const KUrl::List& _urls, QWidget* window,
bool tempFiles, const QString& suggestedFileName, const QByteArray& asn )
{
if (!_service.entryPath().isEmpty() &&
- !KDesktopFile::isAuthorizedDesktopFile( _service.entryPath()))
+ !KDesktopFile::isAuthorizedDesktopFile( _service.entryPath()) &&
+ !::makeServiceExecutable( _service, window ))
{
- kWarning() << "No authorization to execute " << _service.entryPath();
- KMessageBox::sorry( window, i18n("You are not authorized to execute this service.") );
- return false;
+ return false;
}
if ( !tempFiles )
["fix-desktop-file-security-kdesktop-file.patch" (text/x-patch)]
Index: config/kdesktopfile.cpp
===================================================================
--- config/kdesktopfile.cpp (revision 928198)
+++ config/kdesktopfile.cpp (working copy)
@@ -24,6 +24,7 @@
#include <unistd.h>
#include <QtCore/QDir>
+#include <QtCore/QFileInfo>
#include <config.h>
#include "kconfig_p.h"
@@ -139,8 +140,13 @@
bool KDesktopFile::isAuthorizedDesktopFile(const QString& path)
{
- if (KAuthorized::authorize("run_desktop_files"))
- return true;
+ // Explicitly forbid desktop files if Kiosk does not allow. There
+ // may be other reasons that desktop files are forbidden so keep
+ // checking otherwise.
+ if (!KAuthorized::authorize("run_desktop_files")) {
+ kWarning() << "Access to '" << path << "' denied because of 'run_desktop_files' \
restriction." << endl; + return false;
+ }
if (path.isEmpty())
return false; // Empty paths are not ok.
@@ -155,10 +161,14 @@
return true;
if (QDir::isRelativePath( dirs->relativeLocation("services", path) ))
return true;
- if (dirs->relativeLocation("data", path).startsWith("kdesktop/Desktop"))
- return true;
- kWarning() << "Access to '" << path << "' denied because of 'run_desktop_files' \
restriction." << endl; + // Not otherwise permitted, so only allow if the file is \
executable, or if + // not writable by the user.
+ QFileInfo entryInfo( path );
+ if (entryInfo.isExecutable() || !entryInfo.isWritable())
+ return true;
+
+ kWarning() << "Access to '" << path << "' denied because of \
'non_executable_desktop_file' restriction." << endl; return false;
}
["signature.asc" (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic