This patch mitigates allowing launcher the ability to execute arbitrary programs.
05bbc4faa849e25fbad6d25534f4c781fc3cc329c48f156bf5eb3fdb0bb6fa54What might be convenience functionality, poses a real-life security threat:
A user can be tricked be tricked to download malicious code, unpack it with
+x permissions (eg. via tar) and execute it by just clicking on the icton.
In combination with other techniques (eg. homoglyphs), even more experienced
users can be tricked "open" some supposedly harmless file type, while Thunar
in fact executes a binary - with full user's privileges. (the same approach
is one of the primary infection vectors used by thousands of malwares in
Windows world, which already caused gigantic damages).
Therefore introduce a new setting and only execute programs if explicitly
enabled.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
---
thunar/thunar-file.c | 55 +++++++++++++++++++++++++++++-----------------------
1 file changed, 31 insertions(+), 24 deletions(-)
diff --git a/thunar/thunar-file.c b/thunar/thunar-file.c
index c7aae58a..72e1c1cd 100644
--- a/thunar/thunar-file.c
+++ b/thunar/thunar-file.c
@@ -2865,8 +2865,8 @@ gboolean
thunar_file_is_executable (const ThunarFile *file)
{
ThunarPreferences *preferences;
- gboolean can_execute = FALSE;
gboolean exec_shell_scripts = FALSE;
+ gboolean exec_programs = FALSE;
const gchar *content_type;
_thunar_return_val_if_fail (THUNAR_IS_FILE (file), FALSE);
@@ -2874,31 +2874,38 @@ thunar_file_is_executable (const ThunarFile *file)
if (file->info == NULL)
return FALSE;
- if (g_file_info_get_attribute_boolean (file->info, G_FILE_ATTRIBUTE_ACCESS_CAN_EXECUTE))
- {
- /* get the content type of the file */
- content_type = thunar_file_get_content_type (THUNAR_FILE (file));
- if (G_LIKELY (content_type != NULL))
- {
- can_execute = g_content_type_can_be_executable (content_type);
+ if (thunar_file_is_desktop_file (file, NULL))
+ return TRUE;
- if (can_execute)
- {
- /* check if the shell scripts should be executed or opened by default */
- preferences = thunar_preferences_get ();
- g_object_get (preferences, "misc-exec-shell-scripts-by-default", &exec_shell_scripts, NULL);
- g_object_unref (preferences);
-
- /* do never execute plain text files which are not shell scripts but marked executable */
- if (g_strcmp0 (content_type, "text/plain") == 0)
- can_execute = FALSE;
- else if (g_content_type_is_a (content_type, "text/plain") && ! exec_shell_scripts)
- can_execute = FALSE;
- }
- }
- }
+ if (!g_file_info_get_attribute_boolean (file->info, G_FILE_ATTRIBUTE_ACCESS_CAN_EXECUTE))
+ return FALSE;
+
+ /* get the content type of the file */
+ content_type = thunar_file_get_content_type (THUNAR_FILE (file));
+ if (G_UNLIKELY (content_type == NULL))
+ return FALSE;
+
+ if (!g_content_type_can_be_executable (content_type))
+ return FALSE;
+
+ /* check if the shell scripts should be executed or opened by default */
+ preferences = thunar_preferences_get ();
+ g_object_get (preferences, "misc-exec-shell-scripts-by-default", &exec_shell_scripts, NULL);
+ g_object_get (preferences, "misc-exec-programs-by-default", &exec_programs, NULL);
+ g_object_unref (preferences);
+
+ /* security: do never open exec programs (scripts or binaries), unless explicitly enabled */
+ if (!exec_programs)
+ return FALSE;
- return can_execute || thunar_file_is_desktop_file (file, NULL);
+ /* do never execute plain text files which are not shell scripts but marked executable */
+ if (g_strcmp0 (content_type, "text/plain") == 0)
+ return FALSE;
+
+ if (g_content_type_is_a (content_type, "text/plain") && ! exec_shell_scripts)
+ return FALSE;
+
+ return TRUE;
}
--
2.11.0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed