lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20200107183248.18491-2-info@metux.net>
Date: Tue,  7 Jan 2020 19:32:48 +0100
From: "Enrico Weigelt, metux IT consult" <info@...ux.net>
To: fulldisclosure@...lists.org
Subject: [FD] [PATCH] (security) launcher: don't attempt to execute
	arbitrary binaries

What might be convenience functionality, poses a real-life security threat:

A user can be tricked be tricked to download malicious code, unpack it with
+x permissions (eg. via tar) and execute it by just clicking on the icton.
In combination with other techniques (eg. homoglyphs), even more experienced
users can be tricked "open" some supposedly harmless file type, while Thunar
in fact executes a binary - with full user's privileges. (the same approach
is one of the primary infection vectors used by thousands of malwares in
Windows world, which already caused gigantic damages).

Therefore introduce a new setting and only execute programs if explicitly
enabled.

Signed-off-by: Enrico Weigelt, metux IT consult <info@...ux.net>
---
 thunar/thunar-file.c | 55 +++++++++++++++++++++++++++++-----------------------
 1 file changed, 31 insertions(+), 24 deletions(-)

diff --git a/thunar/thunar-file.c b/thunar/thunar-file.c
index c7aae58a..72e1c1cd 100644
--- a/thunar/thunar-file.c
+++ b/thunar/thunar-file.c
@@ -2865,8 +2865,8 @@ gboolean
 thunar_file_is_executable (const ThunarFile *file)
 {
   ThunarPreferences *preferences;
-  gboolean           can_execute = FALSE;
   gboolean           exec_shell_scripts = FALSE;
+  gboolean           exec_programs = FALSE;
   const gchar       *content_type;
 
   _thunar_return_val_if_fail (THUNAR_IS_FILE (file), FALSE);
@@ -2874,31 +2874,38 @@ thunar_file_is_executable (const ThunarFile *file)
   if (file->info == NULL)
     return FALSE;
 
-  if (g_file_info_get_attribute_boolean (file->info, G_FILE_ATTRIBUTE_ACCESS_CAN_EXECUTE))
-    {
-      /* get the content type of the file */
-      content_type = thunar_file_get_content_type (THUNAR_FILE (file));
-      if (G_LIKELY (content_type != NULL))
-        {
-          can_execute = g_content_type_can_be_executable (content_type);
+  if (thunar_file_is_desktop_file (file, NULL))
+    return TRUE;
 
-          if (can_execute)
-            {
-              /* check if the shell scripts should be executed or opened by default */
-              preferences = thunar_preferences_get ();
-              g_object_get (preferences, "misc-exec-shell-scripts-by-default", &exec_shell_scripts, NULL);
-              g_object_unref (preferences);
-
-              /* do never execute plain text files which are not shell scripts but marked executable */
-              if (g_strcmp0 (content_type, "text/plain") == 0)
-                  can_execute = FALSE;
-              else if (g_content_type_is_a (content_type, "text/plain") && ! exec_shell_scripts)
-                  can_execute = FALSE;
-            }
-        }
-    }
+  if (!g_file_info_get_attribute_boolean (file->info, G_FILE_ATTRIBUTE_ACCESS_CAN_EXECUTE))
+    return FALSE;
+
+  /* get the content type of the file */
+  content_type = thunar_file_get_content_type (THUNAR_FILE (file));
+  if (G_UNLIKELY (content_type == NULL))
+    return FALSE;
+
+  if (!g_content_type_can_be_executable (content_type))
+    return FALSE;
+
+  /* check if the shell scripts should be executed or opened by default */
+  preferences = thunar_preferences_get ();
+  g_object_get (preferences, "misc-exec-shell-scripts-by-default", &exec_shell_scripts, NULL);
+  g_object_get (preferences, "misc-exec-programs-by-default", &exec_programs, NULL);
+  g_object_unref (preferences);
+
+  /* security: do never open exec programs (scripts or binaries), unless explicitly enabled */
+  if (!exec_programs)
+    return FALSE;
 
-  return can_execute || thunar_file_is_desktop_file (file, NULL);
+  /* do never execute plain text files which are not shell scripts but marked executable */
+  if (g_strcmp0 (content_type, "text/plain") == 0)
+    return FALSE;
+
+  if (g_content_type_is_a (content_type, "text/plain") && ! exec_shell_scripts)
+    return FALSE;
+
+  return TRUE;
 }
 
 
-- 
2.11.0


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ