:: [devuan-dev] [PATCH] (security) lau…
トップ ページ
このメッセージを削除
このメッセージに返信
著者: Enrico Weigelt, metux IT consult
日付:  
To: devuan-dev
CC: dng
題目: [devuan-dev] [PATCH] (security) launcher: don't attempt to execute arbitrary binaries
What might supposed to be convenience functionality, poses a real-life
security threat:

A user can be tricked be tricked to download malicious code, unpack it with
+x permissions (eg. via tar) and execute it by just clicking on the icton.
In combination with other techniques (eg. homoglyphs), even more experienced
users can be tricked "open" some supposedly harmless file type, while Thunar
in fact executes a binary - with full user's privileges. (the same approach
is one of the primary infection vectors used by thousands of malwares in
Windows world, which already caused gigantic damages).

Therefore introduce a new setting and only execute programs if explicitly
enabled.

Signed-off-by: Enrico Weigelt, metux IT consult <info@???>
---
thunar/thunar-file.c | 55 +++++++++++++++++++++++++++++-----------------------
1 file changed, 31 insertions(+), 24 deletions(-)

diff --git a/thunar/thunar-file.c b/thunar/thunar-file.c
index c7aae58a..72e1c1cd 100644
--- a/thunar/thunar-file.c
+++ b/thunar/thunar-file.c
@@ -2865,8 +2865,8 @@ gboolean
 thunar_file_is_executable (const ThunarFile *file)
 {
   ThunarPreferences *preferences;
-  gboolean           can_execute = FALSE;
   gboolean           exec_shell_scripts = FALSE;
+  gboolean           exec_programs = FALSE;
   const gchar       *content_type;


   _thunar_return_val_if_fail (THUNAR_IS_FILE (file), FALSE);
@@ -2874,31 +2874,38 @@ thunar_file_is_executable (const ThunarFile *file)
   if (file->info == NULL)
     return FALSE;


-  if (g_file_info_get_attribute_boolean (file->info, G_FILE_ATTRIBUTE_ACCESS_CAN_EXECUTE))
-    {
-      /* get the content type of the file */
-      content_type = thunar_file_get_content_type (THUNAR_FILE (file));
-      if (G_LIKELY (content_type != NULL))
-        {
-          can_execute = g_content_type_can_be_executable (content_type);
+  if (thunar_file_is_desktop_file (file, NULL))
+    return TRUE;


-          if (can_execute)
-            {
-              /* check if the shell scripts should be executed or opened by default */
-              preferences = thunar_preferences_get ();
-              g_object_get (preferences, "misc-exec-shell-scripts-by-default", &exec_shell_scripts, NULL);
-              g_object_unref (preferences);
-
-              /* do never execute plain text files which are not shell scripts but marked executable */
-              if (g_strcmp0 (content_type, "text/plain") == 0)
-                  can_execute = FALSE;
-              else if (g_content_type_is_a (content_type, "text/plain") && ! exec_shell_scripts)
-                  can_execute = FALSE;
-            }
-        }
-    }
+  if (!g_file_info_get_attribute_boolean (file->info, G_FILE_ATTRIBUTE_ACCESS_CAN_EXECUTE))
+    return FALSE;
+
+  /* get the content type of the file */
+  content_type = thunar_file_get_content_type (THUNAR_FILE (file));
+  if (G_UNLIKELY (content_type == NULL))
+    return FALSE;
+
+  if (!g_content_type_can_be_executable (content_type))
+    return FALSE;
+
+  /* check if the shell scripts should be executed or opened by default */
+  preferences = thunar_preferences_get ();
+  g_object_get (preferences, "misc-exec-shell-scripts-by-default", &exec_shell_scripts, NULL);
+  g_object_get (preferences, "misc-exec-programs-by-default", &exec_programs, NULL);
+  g_object_unref (preferences);
+
+  /* security: do never open exec programs (scripts or binaries), unless explicitly enabled */
+  if (!exec_programs)
+    return FALSE;


-  return can_execute || thunar_file_is_desktop_file (file, NULL);
+  /* do never execute plain text files which are not shell scripts but marked executable */
+  if (g_strcmp0 (content_type, "text/plain") == 0)
+    return FALSE;
+
+  if (g_content_type_is_a (content_type, "text/plain") && ! exec_shell_scripts)
+    return FALSE;
+
+  return TRUE;
 }



--
2.11.0