authorIkey Doherty <[email protected]>2017-07-20 08:16:37 +0100
committerlukefromdc <[email protected]>2017-08-22 01:51:22 -0400
commit61fa153540c2931cbd7afe62752326d63b63b819 (patch)
treeca087a7c2f27b64379cee9097c416ff58ab56400
parentac12e6d16f4a51b3327d013781e72cfec17f3624 (diff)
private: Ensure we allow launching .desktop files from trusted symlinks
When a file is a symlink to one of the XDG data dirs, we'll allow that link to work, as they're vendor provided and not world-writeable by a malicious entity. This lookup is handled by the "is_system_dir" logic, to ensure that whatever the .desktop symlink is pointing at is already implicitly whitelisted. This allows for vendor provided "default" symlinks within user directories, such as installer shortcuts for LiveCDs, etc. Signed-off-by: Ikey Doherty <[email protected]>
-rw-r--r--libcaja-private/caja-directory-async.c42
1 files changed, 42 insertions, 0 deletions
diff --git a/libcaja-private/caja-directory-async.c b/libcaja-private/caja-directory-async.c
index d003eb23..069f5523 100644
--- a/libcaja-private/caja-directory-async.c
+++ b/libcaja-private/caja-directory-async.c
@@ -3802,6 +3802,43 @@ file_info_start (CajaDirectory *directory,
g_object_unref (location);
}
+static gboolean is_trusted_system_desktop_file (GFile *file)
+{
+ gboolean res = FALSE;
+ GFileInfo *info;
+ const gchar *target = NULL;
+ GFile *location = NULL;
+
+ info = g_file_query_info (file,
+ G_FILE_ATTRIBUTE_STANDARD_TYPE ","
+ G_FILE_ATTRIBUTE_STANDARD_SYMLINK_TARGET,
+ G_FILE_QUERY_INFO_NOFOLLOW_SYMLINKS,
+ NULL,
+ NULL);
+
+ if (info == NULL)
+ {
+ return FALSE;
+ }
+
+ target = g_file_info_get_symlink_target (info);
+ if (!target) {
+ goto done;
+ }
+
+ location = g_file_new_for_path (target);
+
+ res = caja_is_in_system_dir (location);
+
+done:
+ if (location) {
+ g_object_unref (location);
+ }
+ g_object_unref (info);
+
+ return res;
+}
+
static gboolean
is_link_trusted (CajaFile *file,
gboolean is_launcher)
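Review bot: In is_trusted_system_desktop_file the raw symlink target goes straight into `g_file_new_for_path (target)`, so a relative target is resolved against the process working directory rather than the directory that holds the link. The path that gets the trust check can therefore differ from the file the link actually opens. The target is also always treated as a local path, even if `file` lives on a non-local GVfs mount, where the same string names a file on the remote side; whether such files can reach this code is not visible in the hunk. Resolving the target against the link's parent with `g_file_resolve_relative_path` keeps the check on the path the link really names. Separately, `G_FILE_ATTRIBUTE_STANDARD_TYPE` is requested but never read, so either drop it or check the file type before trusting the target.

```c
static gboolean is_trusted_system_desktop_file (GFile *file)
{
    /* … unchanged: res, info, target, location declarations … */
    GFile *parent = NULL;

    /* … unchanged: g_file_query_info call, NULL checks on info and target … */

    /* Resolve the target relative to the directory containing the link,
     * not the process working directory. */
    parent = g_file_get_parent (file);
    if (parent != NULL) {
        location = g_file_resolve_relative_path (parent, target);
        g_object_unref (parent);
    } else {
        location = g_file_new_for_path (target);
    }

    /* … unchanged: caja_is_in_system_dir call and done: cleanup … */
```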
@@ -3825,6 +3862,11 @@ is_link_trusted (CajaFile *file,
{
location = caja_file_get_location (file);
res = caja_is_in_system_dir (location);
+
+ if (!res) {
+ res = is_trusted_system_desktop_file (location);
+ }
+
g_object_unref (location);
}
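Review bot: The new fallback in is_link_trusted widens the trust decision without a comment recording why a user-owned link may be trusted, and it runs for every location that fails `caja_is_in_system_dir`. A comment above the `if (!res)` would keep the assumption visible to later maintainers, for example `/* A symlink is trusted only when its target lies in a system data dir, which the user cannot write to. */`. The helper it calls uses the synchronous `g_file_query_info` with a NULL cancellable, which may block if this path is reached on the main loop for a slow mount; that cannot be confirmed from the hunk. The body of is_link_trusted starts and ends outside the hunk, so the conditions guarding this branch are not visible here.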