What might be convenience functionality, poses a real-life security threat: A user can be tricked be tricked to download malicious code, unpack it with +x permissions (eg. via tar) and execute it by just clicking on the icton. In combination with other techniques (eg. homoglyphs), even more experienced users can be tricked "open" some supposedly harmless file type, while Thunar in fact executes a binary - with full user's privileges. (the same approach is one of the primary infection vectors used by thousands of malwares in Windows world, which already caused gigantic damages). Therefore introduce a new setting and only execute programs if explicitly enabled. Signed-off-by: Enrico Weigelt, metux IT consult --- thunar/thunar-file.c | 55 +++++++++++++++++++++++++++++----------------------- 1 file changed, 31 insertions(+), 24 deletions(-) diff --git a/thunar/thunar-file.c b/thunar/thunar-file.c index c7aae58a..72e1c1cd 100644 --- a/thunar/thunar-file.c +++ b/thunar/thunar-file.c @@ -2865,8 +2865,8 @@ gboolean thunar_file_is_executable (const ThunarFile *file) { ThunarPreferences *preferences; - gboolean can_execute = FALSE; gboolean exec_shell_scripts = FALSE; + gboolean exec_programs = FALSE; const gchar *content_type; _thunar_return_val_if_fail (THUNAR_IS_FILE (file), FALSE); @@ -2874,31 +2874,38 @@ thunar_file_is_executable (const ThunarFile *file) if (file->info == NULL) return FALSE; - if (g_file_info_get_attribute_boolean (file->info, G_FILE_ATTRIBUTE_ACCESS_CAN_EXECUTE)) - { - /* get the content type of the file */ - content_type = thunar_file_get_content_type (THUNAR_FILE (file)); - if (G_LIKELY (content_type != NULL)) - { - can_execute = g_content_type_can_be_executable (content_type); + if (thunar_file_is_desktop_file (file, NULL)) + return TRUE; - if (can_execute) - { - /* check if the shell scripts should be executed or opened by default */ - preferences = thunar_preferences_get (); - g_object_get (preferences, "misc-exec-shell-scripts-by-default", &exec_shell_scripts, NULL); - g_object_unref (preferences); - - /* do never execute plain text files which are not shell scripts but marked executable */ - if (g_strcmp0 (content_type, "text/plain") == 0) - can_execute = FALSE; - else if (g_content_type_is_a (content_type, "text/plain") && ! exec_shell_scripts) - can_execute = FALSE; - } - } - } + if (!g_file_info_get_attribute_boolean (file->info, G_FILE_ATTRIBUTE_ACCESS_CAN_EXECUTE)) + return FALSE; + + /* get the content type of the file */ + content_type = thunar_file_get_content_type (THUNAR_FILE (file)); + if (G_UNLIKELY (content_type == NULL)) + return FALSE; + + if (!g_content_type_can_be_executable (content_type)) + return FALSE; + + /* check if the shell scripts should be executed or opened by default */ + preferences = thunar_preferences_get (); + g_object_get (preferences, "misc-exec-shell-scripts-by-default", &exec_shell_scripts, NULL); + g_object_get (preferences, "misc-exec-programs-by-default", &exec_programs, NULL); + g_object_unref (preferences); + + /* security: do never open exec programs (scripts or binaries), unless explicitly enabled */ + if (!exec_programs) + return FALSE; - return can_execute || thunar_file_is_desktop_file (file, NULL); + /* do never execute plain text files which are not shell scripts but marked executable */ + if (g_strcmp0 (content_type, "text/plain") == 0) + return FALSE; + + if (g_content_type_is_a (content_type, "text/plain") && ! exec_shell_scripts) + return FALSE; + + return TRUE; } -- 2.11.0