From 61fa153540c2931cbd7afe62752326d63b63b819 Mon Sep 17 00:00:00 2001
From: Ikey Doherty
Date: Thu, 20 Jul 2017 08:16:37 +0100
Subject: private: Ensure we allow launching .desktop files from trusted symlinks

When a file is a symlink to one of the XDG data dirs, we'll allow that link to work, as they're vendor provided and not world-writeable by a malicious entity. This lookup is handled by the "is_system_dir" logic, to ensure that whatever the .desktop symlink is pointing at is already implicitly whitelisted. This allows for vendor provided "default" symlinks on within user directories, such as installer shortcuts for LiveCDs, etc.

Signed-off-by: Ikey Doherty
---
 libcaja-private/caja-directory-async.c | 42 ++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)
(limited to 'libcaja-private')
diff --git a/libcaja-private/caja-directory-async.c b/libcaja-private/caja-directory-async.c
index d003eb23..069f5523 100644
--- a/libcaja-private/caja-directory-async.c
+++ b/libcaja-private/caja-directory-async.c
@@ -3802,6 +3802,43 @@ file_info_start (CajaDirectory *directory,
 g_object_unref (location);
 }
 
+static gboolean is_trusted_system_desktop_file (GFile *file)
+{
+ gboolean res = FALSE;
+ GFileInfo *info;
+ const gchar *target = NULL;
+ GFile *location = NULL;
+
+ info = g_file_query_info (file,
+ G_FILE_ATTRIBUTE_STANDARD_TYPE ","
+ G_FILE_ATTRIBUTE_STANDARD_SYMLINK_TARGET,
+ G_FILE_QUERY_INFO_NOFOLLOW_SYMLINKS,
+ NULL,
+ NULL);
+
+ if (info == NULL)
+ {
+ return FALSE;
+ }
+
+ target = g_file_info_get_symlink_target (info);
+ if (!target) {
+ goto done;
+ }
+
+ location = g_file_new_for_path (target);
+
+ res = caja_is_in_system_dir (location);
+
+done:
+ if (location) {
+ g_object_unref (location);
+ }
+ g_object_unref (info);
+
+ return res;
+}
+
 static gboolean
 is_link_trusted (CajaFile *file,
 gboolean is_launcher)
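Review bot: In `is_trusted_system_desktop_file`, `g_file_new_for_path (target)` receives the raw string from `g_file_info_get_symlink_target`, and a relative link target is not anchored at the link's own directory. GLib resolves relative paths against the process working directory, so the location passed to `caja_is_in_system_dir` may not be the file the link really points at. Resolving the target against `g_file_get_parent (file)` keeps the check on the real target, as sketched below. The check also covers only the first hop and the path as written; whether `..` components or a further link are handled depends on how `caja_is_in_system_dir` compares paths, which is not visible in this hunk. `G_FILE_ATTRIBUTE_STANDARD_TYPE` is requested but never read, so either drop it or use it to return early when the file is not a symbolic link.

```c
    GFile *parent;

    /* … unchanged: query info with NOFOLLOW_SYMLINKS, goto done when target is NULL … */

    /* Anchor relative targets at the link's directory; absolute targets are used as-is. */
    parent = g_file_get_parent (file);
    if (parent == NULL) {
        goto done;
    }
    location = g_file_resolve_relative_path (parent, target);
    g_object_unref (parent);

    res = caja_is_in_system_dir (location);

    /* … unchanged: done: cleanup and return … */
```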
@@ -3825,6 +3862,11 @@ is_link_trusted (CajaFile *file,
 {
 location = caja_file_get_location (file);
 res = caja_is_in_system_dir (location);
+
+ if (!res) {
+ res = is_trusted_system_desktop_file (location);
+ }
+
 g_object_unref (location);
 }
 
--
cgit v1.2.1
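Review bot: The new fallback in `is_link_trusted` widens what counts as trusted but carries no comment, and the reason is not obvious from the call alone. A comment above `if (!res)` such as `/* not in a system dir itself: accept a symlink whose target is (vendor-provided shortcuts) */` would record it. The decision reflects the link target at the moment it is queried, while the file is presumably opened through the link later. It is worth confirming that the launch path cannot read a different target than the one checked here, particularly for links in directories that other users can write to. The start of the function and the branch enclosing this block are outside the hunk.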