[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20200107183248.18491-2-info@metux.net>
Date: Tue, 7 Jan 2020 19:32:48 +0100
From: "Enrico Weigelt, metux IT consult" <info@...ux.net>
To: fulldisclosure@...lists.org
Subject: [FD] [PATCH] (security) launcher: don't attempt to execute
arbitrary binaries
What might be convenience functionality, poses a real-life security threat:
A user can be tricked be tricked to download malicious code, unpack it with
+x permissions (eg. via tar) and execute it by just clicking on the icton.
In combination with other techniques (eg. homoglyphs), even more experienced
users can be tricked "open" some supposedly harmless file type, while Thunar
in fact executes a binary - with full user's privileges. (the same approach
is one of the primary infection vectors used by thousands of malwares in
Windows world, which already caused gigantic damages).
Therefore introduce a new setting and only execute programs if explicitly
enabled.
Signed-off-by: Enrico Weigelt, metux IT consult <info@...ux.net>
---
thunar/thunar-file.c | 55 +++++++++++++++++++++++++++++-----------------------
1 file changed, 31 insertions(+), 24 deletions(-)
diff --git a/thunar/thunar-file.c b/thunar/thunar-file.c
index c7aae58a..72e1c1cd 100644
--- a/thunar/thunar-file.c
+++ b/thunar/thunar-file.c
@@ -2865,8 +2865,8 @@ gboolean
thunar_file_is_executable (const ThunarFile *file)
{
ThunarPreferences *preferences;
- gboolean can_execute = FALSE;
gboolean exec_shell_scripts = FALSE;
+ gboolean exec_programs = FALSE;
const gchar *content_type;
_thunar_return_val_if_fail (THUNAR_IS_FILE (file), FALSE);
@@ -2874,31 +2874,38 @@ thunar_file_is_executable (const ThunarFile *file)
if (file->info == NULL)
return FALSE;
- if (g_file_info_get_attribute_boolean (file->info, G_FILE_ATTRIBUTE_ACCESS_CAN_EXECUTE))
- {
- /* get the content type of the file */
- content_type = thunar_file_get_content_type (THUNAR_FILE (file));
- if (G_LIKELY (content_type != NULL))
- {
- can_execute = g_content_type_can_be_executable (content_type);
+ if (thunar_file_is_desktop_file (file, NULL))
+ return TRUE;
- if (can_execute)
- {
- /* check if the shell scripts should be executed or opened by default */
- preferences = thunar_preferences_get ();
- g_object_get (preferences, "misc-exec-shell-scripts-by-default", &exec_shell_scripts, NULL);
- g_object_unref (preferences);
-
- /* do never execute plain text files which are not shell scripts but marked executable */
- if (g_strcmp0 (content_type, "text/plain") == 0)
- can_execute = FALSE;
- else if (g_content_type_is_a (content_type, "text/plain") && ! exec_shell_scripts)
- can_execute = FALSE;
- }
- }
- }
+ if (!g_file_info_get_attribute_boolean (file->info, G_FILE_ATTRIBUTE_ACCESS_CAN_EXECUTE))
+ return FALSE;
+
+ /* get the content type of the file */
+ content_type = thunar_file_get_content_type (THUNAR_FILE (file));
+ if (G_UNLIKELY (content_type == NULL))
+ return FALSE;
+
+ if (!g_content_type_can_be_executable (content_type))
+ return FALSE;
+
+ /* check if the shell scripts should be executed or opened by default */
+ preferences = thunar_preferences_get ();
+ g_object_get (preferences, "misc-exec-shell-scripts-by-default", &exec_shell_scripts, NULL);
+ g_object_get (preferences, "misc-exec-programs-by-default", &exec_programs, NULL);
+ g_object_unref (preferences);
+
+ /* security: do never open exec programs (scripts or binaries), unless explicitly enabled */
+ if (!exec_programs)
+ return FALSE;
- return can_execute || thunar_file_is_desktop_file (file, NULL);
+ /* do never execute plain text files which are not shell scripts but marked executable */
+ if (g_strcmp0 (content_type, "text/plain") == 0)
+ return FALSE;
+
+ if (g_content_type_is_a (content_type, "text/plain") && ! exec_shell_scripts)
+ return FALSE;
+
+ return TRUE;
}
--
2.11.0
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists