'Re: [PATCH] .desktop security ++'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: [PATCH] .desktop security ++
From:       Michael Pyne <mpyne () purinchu ! net>
Date:       2009-02-22 2:43:53
Message-ID: 200902212143.53592.mpyne () purinchu ! net
[Download RAW message or body]

[Attachment #2 (multipart/mixed)]

[Attachment #4 (multipart/alternative)]


On Saturday 21 February 2009, Michael Pyne wrote:
> Hi all,
>
> I've implemented the auto-exec-bit-ifying of .desktop files in KRun and
> made the changes suggested in the last couple of threads, including using
> owned-by- root as an exception as originally discussed instead of merely
> "not writable by user".
>
> Currently the work is in 3 patches (all attached):

2 more patches now to fix the Link to Application template (for a total of 5):

patch 4 simply adds the #!/usr/bin/env xdg-open header to the Application 
template desktop file

patch 5 adds support for adding the +x bit to new application links.  Only the 
user's executable bit is added, is it a good idea to add owner/group as well?  
I made sure to use KIO in case a Link to Application is created remotely, so 
that part works even remotely (KPropertiesDialog, as it turns out, did not 
though :( ).

I would assume Plasma would still need to be fixed as well but I haven't 
looked at it yet.

Finally, I'm still uneasy at having a dialog that can be clicked-thru for 
.desktop files to run them this way.  So what do you think about having some 
kind of minimum-time-to-dialog where if the user tries to click on the 
.desktop file within, say, 10 minutes of creating it that it simply opens up 
its properties dialog?  After 10 minutes the dialog would appear on click.  
Note that this would only happen after creating a .desktop file not via Plasma 
(since that will be fixed) or Link to Application.

Regards,
 - Michael Pyne

[Attachment #7 (text/html)]

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" \
"http://www.w3.org/TR/REC-html40/strict.dtd"><html><head><meta name="qrichtext" \
content="1" /><style type="text/css">p, li { white-space: pre-wrap; \
}</style></head><body style=" font-family:'Droid Sans Mono'; font-size:10pt; \
font-weight:400; font-style:normal;">On Saturday 21 February 2009, Michael Pyne \
wrote:<br> &gt; Hi all,<br>
&gt;<br>
&gt; I've implemented the auto-exec-bit-ifying of .desktop files in KRun and<br>
&gt; made the changes suggested in the last couple of threads, including using<br>
&gt; owned-by- root as an exception as originally discussed instead of merely<br>
&gt; "not writable by user".<br>
&gt;<br>
&gt; Currently the work is in 3 patches (all attached):<br>
<p style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; \
margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; \
-qt-user-state:0;"><br></p>2 more patches now to fix the Link to Application template \
(for a total of 5):<br> <p style="-qt-paragraph-type:empty; margin-top:0px; \
margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; \
text-indent:0px; -qt-user-state:0;"><br></p>patch 4 simply adds the #!/usr/bin/env \
xdg-open header to the Application template desktop file<br> <p \
style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; margin-left:0px; \
margin-right:0px; -qt-block-indent:0; text-indent:0px; \
-qt-user-state:0;"><br></p>patch 5 adds support for adding the +x bit to new \
application links.  Only the user's executable bit is added, is it a good idea to add \
owner/group as well?  I made sure to use KIO in case a Link to Application is created \
remotely, so that part works even remotely (KPropertiesDialog, as it turns out, did \
not though :( ).<br> <p style="-qt-paragraph-type:empty; margin-top:0px; \
margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; \
text-indent:0px; -qt-user-state:0;"><br></p>I would assume Plasma would still need to \
be fixed as well but I haven't looked at it yet.<br> <p \
style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; margin-left:0px; \
margin-right:0px; -qt-block-indent:0; text-indent:0px; \
-qt-user-state:0;"><br></p>Finally, I'm still uneasy at having a dialog that can be \
clicked-thru for .desktop files to run them this way.  So what do you think about \
having some kind of minimum-time-to-dialog where if the user tries to click on the \
.desktop file within, say, 10 minutes of creating it that it simply opens up its \
properties dialog?  After 10 minutes the dialog would appear on click.  Note that \
this would only happen after creating a .desktop file not via Plasma (since that will \
be fixed) or Link to Application.<br> <p style="-qt-paragraph-type:empty; \
margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; \
                -qt-block-indent:0; text-indent:0px; \
                -qt-user-state:0;"><br></p>Regards,<br>
 - Michael Pyne</p></body></html>


["brouhaha-005-kpropertiesdialog.patch" (text/x-patch)]

Index: kio/kfile/kpropertiesdialog.cpp
===================================================================
--- kio/kfile/kpropertiesdialog.cpp	(revision 929650)
+++ kio/kfile/kpropertiesdialog.cpp	(working copy)
@@ -1414,6 +1414,27 @@
           job->exec();
       }
   }
+
+  // "Link to Application" templates need to be made executable
+  // Instead of matching against a filename we check if the destination
+  // is an Application now.
+  if ( d->m_bFromTemplate ) {
+    // destination is not necessarily local, use the src template
+    KDesktopFile templateResult ( \
static_cast<KIO::CopyJob*>(job)->srcUrls().first().toLocalFile() ); +    if ( \
templateResult.hasApplicationType() ) { +      // We can either stat the file and add \
the +x bit or use the larger chmod() job +      // with a umask designed to only \
touch u+x.  This is only one KIO job, so let's +      // do that.
+
+      KFileItem appLink ( properties->item() );
+      KFileItemList fileItemList;
+      fileItemList << appLink;
+
+      // first 0100 adds u+x, second 0100 only allows chmod to change u+x
+      KIO::Job* chmodJob = KIO::chmod( fileItemList, 0100, 0100, QString(), \
QString(), KIO::HideProgressInfo ); +      chmodJob->exec();
+    }
+  }
 }
 
 void KFilePropsPlugin::applyIconChanges()


["brouhaha-004-program-template.patch" (text/x-patch)]

Index: apps/lib/konq/Templates/Program.desktop
===================================================================
--- apps/lib/konq/Templates/Program.desktop	(revision 928782)
+++ apps/lib/konq/Templates/Program.desktop	(working copy)
@@ -1,3 +1,4 @@
+#!/usr/bin/env xdg-open
 [Desktop Entry]
 Exec=
 Icon=exec

["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic