author    Alexander Larsson <alexl@redhat.com>      2009-02-20 07:46:57 +0000
committer Alexander Larsson <alexl@src.gnome.org>  2009-02-20 07:46:57 +0000
commit    9fdf70ba5f1b997181501ca81e69343c650c9bed (patch)
tree      ef938d717af7e75beba5d38688fde7a2ac64006b /gio
parent    25e5d1ba2c3253f2a05d1771e6839aab587d8346 (diff)
download  glib-9fdf70ba5f1b997181501ca81e69343c650c9bed.tar.gz
Don't ever sniff desktop files when the filename is known. In other words,

2009-02-20  Alexander Larsson  <alexl@redhat.com>

        * gcontenttype.c:
        (g_content_type_guess):
        Don't ever sniff desktop files when the filename is known.
        In other words, only allow desktop files with the .desktop extension
        and when the filename isn't known.
        This is a security precaution since desktop files can execute
        arbitrary code when launched and we don't want to allow them to
        try and hide as another type. There is no legit reason to not
        have the .desktop extension anyway.

svn path=/trunk/; revision=7892
Diffstat (limited to 'gio')

-rw-r--r--  gio/ChangeLog       12
-rw-r--r--  gio/gcontenttype.c  10

2 files changed, 22 insertions, 0 deletions
diff --git a/gio/ChangeLog b/gio/ChangeLog
index cca732eaa..82d5493ba 100644
--- a/gio/ChangeLog
+++ b/gio/ChangeLog
@@ -1,3 +1,15 @@
+2009-02-20 Alexander Larsson <alexl@redhat.com>
+
+ * gcontenttype.c:
+ (g_content_type_guess):
+ Don't ever sniff desktop files when the filename is known.
+ In other words, only allow desktop files with the .desktop extension
+ and when the filename isn't known.
+ This is a security precaution since desktop files can execute
+ arbitrary code when launched and we don't want to allow them to
+ try and hide as another type. There is no legit reason to not
+ have the .desktop extension anyway.
+
2009-02-19 Alexander Larsson <alexl@redhat.com>
Bug 549298 – impossible to copy files with p (pipe) flag
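Review bot: The sentence "only allow desktop files with the .desktop extension and when the filename isn't known" in the new ChangeLog entry reads as if both conditions must hold, whereas the behaviour being described is either/or: the type comes from the .desktop extension when a filename is known, or from sniffing only when no filename is known. Rewording to "only allow desktop files with the .desktop extension, or when the filename isn't known" would match the code and avoid a reader concluding that sniffing is now disabled entirely.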
diff --git a/gio/gcontenttype.c b/gio/gcontenttype.c
index 90ce25152..3c7b16f28 100644
--- a/gio/gcontenttype.c
+++ b/gio/gcontenttype.c
@@ -933,6 +933,16 @@ g_content_type_guess (const char *filename,
data &&
looks_like_text (data, data_size))
sniffed_mimetype = "text/plain";
+
+ /* For security reasons we don't ever want to sniff desktop files
+ * where we know the filename and it doesn't have a .desktop extension.
+ * This is because desktop files allow executing any application and
+ * we don't want to make it possible to hide them looking like something
+ * else.
+ */
+ if (filename != NULL &&
+ strcmp (sniffed_mimetype, "application/x-desktop") == 0)
+ sniffed_mimetype = "text/plain";
}
if (n_name_mimetypes == 0)
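Review bot: The new `strcmp (sniffed_mimetype, "application/x-desktop") == 0` dereferences `sniffed_mimetype` unconditionally, while the visible context only shows it being assigned on the `looks_like_text` branch; if the sniffer can leave it NULL on any path through this block, the check will crash rather than downgrade. Adding `sniffed_mimetype != NULL &&` ahead of the `strcmp` (or asserting the invariant in the comment) would make the guard self-evidently safe. Otherwise the logic does what the comment says: when a filename is known, a sniffed `application/x-desktop` result is demoted to `text/plain`, so the only way to obtain the desktop type for a named file is through the name-based match on the `.desktop` extension, which is the intended defence against a launcher disguised under another extension.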