File use-file-metadata-for-trusting-desktop-files.patch of Package nautilus.8242

Overview Repositories Revisions Requests Users Attributes Meta

File use-file-metadata-for-trusting-desktop-files.patch of Package nautilus.8242

diff --git a/libnautilus-private/nautilus-directory-async.c b/libnautilus-private/nautilus-directory-async.c
index 358dfb4..9eeb098 100644
--- a/libnautilus-private/nautilus-directory-async.c
+++ b/libnautilus-private/nautilus-directory-async.c
@@ -31,6 +31,7 @@
 #include "nautilus-global-preferences.h"
 #include "nautilus-link.h"
 #include "nautilus-profile.h"
+#include "nautilus-metadata.h"
 #include <eel/eel-glib-extensions.h>
 #include <gtk/gtk.h>
 #include <libxml/parser.h>
@@ -3229,12 +3230,18 @@ is_link_trusted (NautilusFile *file,
 {
 	GFile *location;
 	gboolean res;
+    g_autofree gchar* trusted = NULL;
+
 	
 	if (!is_launcher) {
 		return TRUE;
 	}
 	
-	if (nautilus_file_can_execute (file)) {
+    trusted = nautilus_file_get_metadata (file,
+                                          NAUTILUS_METADATA_KEY_DESKTOP_FILE_TRUSTED,
+                                          NULL);
+
+    if (nautilus_file_can_execute (file) && trusted != NULL) {
 		return TRUE;
 	}
 
diff --git a/libnautilus-private/nautilus-file-operations.c b/libnautilus-private/nautilus-file-operations.c
index c0b9305..451af01 100644
--- a/libnautilus-private/nautilus-file-operations.c
+++ b/libnautilus-private/nautilus-file-operations.c
@@ -192,10 +192,10 @@ typedef struct {
 #define COPY_FORCE _("Copy _Anyway")
 
 static void
-mark_desktop_file_trusted (CommonJob *common,
-			   GCancellable *cancellable,
-			   GFile *file,
-			   gboolean interactive);
+mark_desktop_file_executable (CommonJob *common,
+                              GCancellable *cancellable,
+                              GFile *file,
+                              gboolean interactive);
 
 static gboolean
 is_all_button_text (const char *button_text)
@@ -4699,7 +4699,7 @@ copy_move_file (CopyMoveJob *copy_job,
 		if (copy_job->desktop_location != NULL &&
 		    g_file_equal (copy_job->desktop_location, dest_dir) &&
 		    is_trusted_desktop_file (src, job->cancellable)) {
-			mark_desktop_file_trusted (job,
+            mark_desktop_file_executable (job,
 						   job->cancellable,
 						   dest,
 						   FALSE);
@@ -6971,7 +6971,7 @@ nautilus_file_operations_empty_trash (GtkWidget *parent_view)
 }
 
 static void
-mark_trusted_task_done (GObject *source_object,
+mark_desktop_file_executable_task_done (GObject *source_object,
                         GAsyncResult *res,
                         gpointer user_data)
 {
@@ -6990,91 +6990,19 @@ mark_trusted_task_done (GObject *source_object,
 #define TRUSTED_SHEBANG "#!/usr/bin/env xdg-open\n"
 
 static void
-mark_desktop_file_trusted (CommonJob *common,
+mark_desktop_file_executable (CommonJob *common,
 			   GCancellable *cancellable,
 			   GFile *file,
 			   gboolean interactive)
 {
-	char *contents, *new_contents;
-	gsize length, new_length;
 	GError *error;
 	guint32 current_perms, new_perms;
 	int response;
 	GFileInfo *info;
 	
  retry:
-	error = NULL;
-	if (!g_file_load_contents (file,
-				  cancellable,
-				  &contents, &length,
-				  NULL, &error)) {
-		if (interactive) {
-			response = run_error (common,
-					      g_strdup (_("Unable to mark launcher trusted (executable)")),
-					      error->message,
-					      NULL,
-					      FALSE,
-					      CANCEL, RETRY,
-					      NULL);
-		} else {
-			response = 0;
-		}
-		
-
-		if (response == 0 || response == GTK_RESPONSE_DELETE_EVENT) {
-			abort_job (common);
-		} else if (response == 1) {
-			goto retry;
-		} else {
-			g_assert_not_reached ();
-		}
-
-		goto out;
-	}
-
-	if (!g_str_has_prefix (contents, "#!")) {
-		new_length = length + strlen (TRUSTED_SHEBANG);
-		new_contents = g_malloc (new_length);
-		
-		strcpy (new_contents, TRUSTED_SHEBANG);
-		memcpy (new_contents + strlen (TRUSTED_SHEBANG),
-			contents, length);
-		
-		if (!g_file_replace_contents (file,
-					      new_contents,
-					      new_length,
-					      NULL,
-					      FALSE, 0,
-					      NULL, cancellable, &error)) {
-			g_free (contents);
-			g_free (new_contents);
-			
-			if (interactive) {
-				response = run_error (common,
-						      g_strdup (_("Unable to mark launcher trusted (executable)")),
-						      error->message,
-						      NULL,
-						      FALSE,
-						      CANCEL, RETRY,
-						      NULL);
-			} else {
-				response = 0;
-			}
 
-			if (response == 0 || response == GTK_RESPONSE_DELETE_EVENT) {
-				abort_job (common);
-			} else if (response == 1) {
-				goto retry;
-			} else {
-				g_assert_not_reached ();
-			}
-			
-			goto out;
-		}
-		g_free (new_contents);
-		
-	}
-	g_free (contents);
+    error = NULL;
 	
 	info = g_file_query_info (file,
 				  G_FILE_ATTRIBUTE_STANDARD_TYPE","
@@ -7148,10 +7076,10 @@ mark_desktop_file_trusted (CommonJob *common,
 }
 
 static void
-mark_trusted_task_thread_func (GTask *task,
-                               gpointer source_object,
-                               gpointer task_data,
-                               GCancellable *cancellable)
+mark_desktop_file_executable_task_thread_func (GTask *task,
+                                               gpointer source_object,
+                                               gpointer task_data,
+                                               GCancellable *cancellable)
 {
 	MarkTrustedJob *job = task_data;
 	CommonJob *common;
@@ -7160,18 +7088,18 @@ mark_trusted_task_thread_func (GTask *task,
 	
 	nautilus_progress_info_start (job->common.progress);
 
-	mark_desktop_file_trusted (common,
-				   cancellable,
-				   job->file,
-				   job->interactive);
+    mark_desktop_file_executable (common,
+                                  cancellable,
+                                  job->file,
+                                  job->interactive);
 }
 
 void
-nautilus_file_mark_desktop_file_trusted (GFile *file,
-					 GtkWindow *parent_window,
-					 gboolean interactive,
-					 NautilusOpCallback done_callback,
-					 gpointer done_callback_data)
+nautilus_file_mark_desktop_file_executable (GFile *file,
+                                            GtkWindow *parent_window,
+                                            gboolean interactive,
+                                            NautilusOpCallback done_callback,
+                                            gpointer done_callback_data)
 {
 	GTask *task;
 	MarkTrustedJob *job;
@@ -7182,9 +7110,9 @@ nautilus_file_mark_desktop_file_trusted (GFile *file,
 	job->done_callback = done_callback;
 	job->done_callback_data = done_callback_data;
 
-	task = g_task_new (NULL, NULL, mark_trusted_task_done, job);
+    task = g_task_new (NULL, NULL, mark_desktop_file_executable_task_done, job);
 	g_task_set_task_data (task, job, NULL);
-	g_task_run_in_thread (task, mark_trusted_task_thread_func);
+    g_task_run_in_thread (task, mark_desktop_file_executable_task_thread_func);
 	g_object_unref (task);
 }
 
diff --git a/libnautilus-private/nautilus-file-operations.h b/libnautilus-private/nautilus-file-operations.h
index 38b714f..7d61667 100644
--- a/libnautilus-private/nautilus-file-operations.h
+++ b/libnautilus-private/nautilus-file-operations.h
@@ -143,7 +143,7 @@ void nautilus_file_operations_link      (GList                *files,
 					 GtkWindow            *parent_window,
 					 NautilusCopyCallback  done_callback,
 					 gpointer              done_callback_data);
-void nautilus_file_mark_desktop_file_trusted (GFile           *file,
+void nautilus_file_mark_desktop_file_executable (GFile           *file,
 					      GtkWindow        *parent_window,
 					      gboolean          interactive,
 					      NautilusOpCallback done_callback,
diff --git a/libnautilus-private/nautilus-metadata.c b/libnautilus-private/nautilus-metadata.c
index 4032a08..5522ee5 100644
--- a/libnautilus-private/nautilus-metadata.c
+++ b/libnautilus-private/nautilus-metadata.c
@@ -52,6 +52,7 @@ static char *used_metadata_names[] = {
   NAUTILUS_METADATA_KEY_CUSTOM_ICON_NAME,
   NAUTILUS_METADATA_KEY_SCREEN,
   NAUTILUS_METADATA_KEY_EMBLEMS,
+  NAUTILUS_METADATA_KEY_DESKTOP_FILE_TRUSTED,
   NULL
 };
 
diff --git a/libnautilus-private/nautilus-metadata.h b/libnautilus-private/nautilus-metadata.h
index 511160d..7807a84 100644
--- a/libnautilus-private/nautilus-metadata.h
+++ b/libnautilus-private/nautilus-metadata.h
@@ -67,6 +67,7 @@
 #define NAUTILUS_METADATA_KEY_CUSTOM_ICON_NAME                	"custom-icon-name"
 #define NAUTILUS_METADATA_KEY_SCREEN				"screen"
 #define NAUTILUS_METADATA_KEY_EMBLEMS				"emblems"
+#define NAUTILUS_METADATA_KEY_DESKTOP_FILE_TRUSTED  "trusted"
 
 guint nautilus_metadata_get_id (const char *metadata);
 
diff --git a/src/nautilus-mime-actions.c b/src/nautilus-mime-actions.c
index b5e77a1..b6661c4 100644
--- a/src/nautilus-mime-actions.c
+++ b/src/nautilus-mime-actions.c
@@ -45,6 +45,7 @@
 #include <libnautilus-private/nautilus-desktop-icon-file.h>
 #include <libnautilus-private/nautilus-global-preferences.h>
 #include <libnautilus-private/nautilus-signaller.h>
+#include <libnautilus-private/nautilus-metadata.h>
 
 #define DEBUG_FLAG NAUTILUS_DEBUG_MIME
 #include <libnautilus-private/nautilus-debug.h>
@@ -237,7 +238,6 @@ struct {
 #define RESPONSE_RUN 1000
 #define RESPONSE_DISPLAY 1001
 #define RESPONSE_RUN_IN_TERMINAL 1002
-#define RESPONSE_MARK_TRUSTED 1003
 
 #define SILENT_WINDOW_OPEN_LIMIT 5
 #define SILENT_OPEN_LIMIT 5
@@ -1413,20 +1413,33 @@ untrusted_launcher_response_callback (GtkDialog *dialog,
 	GFile *file;
 	
 	switch (response_id) {
-	case RESPONSE_RUN:
+    case GTK_RESPONSE_OK:
+        file = nautilus_file_get_location (parameters->file);
+
+        /* We need to do this in order to prevent malicious desktop files
+         * with the executable bit already set.
+         * See https://bugzilla.gnome.org/show_bug.cgi?id=777991
+         */
+        nautilus_file_set_metadata (parameters->file, NAUTILUS_METADATA_KEY_DESKTOP_FILE_TRUSTED,
+                                    NULL,
+                                    "yes");
+
+        nautilus_file_mark_desktop_file_executable (file,
+                                                    parameters->parent_window,
+                                                    TRUE,
+                                                    NULL, NULL);
+
+        /* Need to force a reload of the attributes so is_trusted is marked
+         * correctly. Not sure why the general monitor doesn't fire in this
+         * case when setting the metadata
+         */
+        nautilus_file_invalidate_all_attributes (parameters->file);
 		screen = gtk_widget_get_screen (GTK_WIDGET (parameters->parent_window));
 		uri = nautilus_file_get_uri (parameters->file);
 		DEBUG ("Launching untrusted launcher %s", uri);
 		nautilus_launch_desktop_file (screen, uri, NULL,
 					      parameters->parent_window);
 		g_free (uri);
-		break;
-	case RESPONSE_MARK_TRUSTED:
-		file = nautilus_file_get_location (parameters->file);
-		nautilus_file_mark_desktop_file_trusted (file,
-							 parameters->parent_window,
-							 TRUE, 
-							 NULL, NULL);
 		g_object_unref (file);
 		break;
 	default:
@@ -1477,14 +1490,12 @@ activate_desktop_file (ActivateParameters *parameters,
 			      "secondary-text", secondary,
 			      NULL);
 		gtk_dialog_add_button (GTK_DIALOG (dialog),
-				       _("_Launch Anyway"), RESPONSE_RUN);
+                       _("_Cancel"), GTK_RESPONSE_CANCEL);
+        gtk_dialog_set_default_response (GTK_DIALOG (dialog), GTK_RESPONSE_CANCEL);
 		if (nautilus_file_can_set_permissions (file)) {
 			gtk_dialog_add_button (GTK_DIALOG (dialog),
-					       _("Mark as _Trusted"), RESPONSE_MARK_TRUSTED);
+                           _("Trust and _Launch"), GTK_RESPONSE_OK);
 		}
-		gtk_dialog_add_button (GTK_DIALOG (dialog),
-				       _("_Cancel"), GTK_RESPONSE_CANCEL);
-		gtk_dialog_set_default_response (GTK_DIALOG (dialog), GTK_RESPONSE_CANCEL);
 
 		g_signal_connect (dialog, "response",
 				  G_CALLBACK (untrusted_launcher_response_callback),

Places

File use-file-metadata-for-trusting-desktop-files.patch of Package nautilus.8242

Places