mirror of
git://slackware.nl/current.git
synced 2024-12-28 09:59:53 +01:00
101 lines
4 KiB
Bash
101 lines
4 KiB
Bash
|
#!/bin/sh
|
||
|
# Regarding xdg-open in /etc/mailcap:
|
||
|
#
|
||
|
# It turns out that xdg-open is not very smart about what it
|
||
|
# passes off control to, leading to security problems where (for
|
||
|
# example) a file could be provided on a web site as a PDF, but
|
||
|
# rather than send it to a PDF viewer, xdg-open sends it to kfmclient
|
||
|
# which uses a whole different set of criteria to determine what sort
|
||
|
# of file it is. It's trivial to make something that's detected as
|
||
|
# a PDF at first, but then is executed as a .desktop file later,
|
||
|
# resulting in the execution of arbitrary code as the user.
|
||
|
#
|
||
|
# This is not acceptable, and we see no way to fix it as long as
|
||
|
# xdg-open passes off the resolution of the file type (again) to
|
||
|
# something else. In light of the potential security risks, we
|
||
|
# will turn off the use of xdg-open if it appears to have been
|
||
|
# added by a previous version of the xdg-utils package.
|
||
|
#
|
||
|
# Vulnerability code: CVE-2009-0068
|
||
|
|
||
|
# First, we will detect an automatically modified mailcap by
|
||
|
# looking for the comment "# Sample xdg-open entries:"
|
||
|
|
||
|
if [ -r etc/mailcap ]; then
|
||
|
if grep -q "^# Sample xdg-open entries:$" etc/mailcap ; then
|
||
|
|
||
|
COOKIE=$(usr/bin/mcookie)
|
||
|
if [ -z $COOKIE ]; then
|
||
|
exit 1
|
||
|
fi
|
||
|
|
||
|
# First, add a space to the end of the comment used to detect this
|
||
|
# junk so that we won't detect it again (in case the user decides
|
||
|
# to enable this themselves later on -- their call). Add a warning
|
||
|
# about this type of xdg-open use being insecure. Finally, comment
|
||
|
# out any lines like this.
|
||
|
|
||
|
echo "# Sample xdg-open entries: " > tmp/mailcap-$COOKIE
|
||
|
cat << EOF >> tmp/mailcap-$COOKIE
|
||
|
#
|
||
|
# NOTE: Using xdg-open in /etc/mailcap in this way has been
|
||
|
# shown to be insecure and is not recommended (CVE-2009-0068)!
|
||
|
# A remote attacker can easily make a filetype such as a
|
||
|
# .desktop script appear to xdg-open as a PDF file causing its
|
||
|
# arbitrary contents to be executed. Consider these to be
|
||
|
# examples of what NOT to do. The xdg-utils package no longer
|
||
|
# adds any lines such as these to /etc/mailcap.
|
||
|
#
|
||
|
EOF
|
||
|
cat etc/mailcap \
|
||
|
| grep -v "# Sample xdg-open entries:" \
|
||
|
| sed -e 's/^audio\/\*; \/usr\/bin\/xdg-open %s/#audio\/\*; \/usr\/bin\/xdg-open %s/g' \
|
||
|
| sed -e 's/^image\/\*; \/usr\/bin\/xdg-open %s/#image\/\*; \/usr\/bin\/xdg-open %s/g' \
|
||
|
| sed -e 's/^application\/msword; \/usr\/bin\/xdg-open %s/#application\/msword; \/usr\/bin\/xdg-open %s/g' \
|
||
|
| sed -e 's/^application\/pdf; \/usr\/bin\/xdg-open %s/#application\/pdf; \/usr\/bin\/xdg-open %s/g' \
|
||
|
| sed -e 's/^application\/postscript ; \/usr\/bin\/xdg-open %s/#application\/postscript ; \/usr\/bin\/xdg-open %s/g' \
|
||
|
| sed -e 's/^text\/html; \/usr\/bin\/xdg-open %s ; copiousoutput/#text\/html; \/usr\/bin\/xdg-open %s ; copiousoutput/g' >> tmp/mailcap-$COOKIE
|
||
|
|
||
|
cat tmp/mailcap-$COOKIE > etc/mailcap
|
||
|
rm -f tmp/mailcap-$COOKIE
|
||
|
|
||
|
fi
|
||
|
fi
|
||
|
|
||
|
## BEGIN (HERE IS WHAT CAUSED THIS MESS):
|
||
|
|
||
|
## Add some reasonable default values for xdg-open to /etc/mailcap,
|
||
|
## since this is where many programs look for this information:
|
||
|
#
|
||
|
#if ! grep -q '# Sample xdg-open entries:' etc/mailcap 1> /dev/null 2> /dev/null ; then
|
||
|
# echo "# Sample xdg-open entries:" >> etc/mailcap
|
||
|
# echo >> etc/mailcap
|
||
|
#fi
|
||
|
#if ! grep -q 'audio/' etc/mailcap ; then
|
||
|
# echo 'audio/*; /usr/bin/xdg-open %s' >> etc/mailcap
|
||
|
# echo >> etc/mailcap
|
||
|
#fi
|
||
|
#if ! grep -q 'image/' etc/mailcap ; then
|
||
|
# echo 'image/*; /usr/bin/xdg-open %s' >> etc/mailcap
|
||
|
# echo >> etc/mailcap
|
||
|
#fi
|
||
|
#if ! grep -q 'application/msword' etc/mailcap ; then
|
||
|
# echo 'application/msword; /usr/bin/xdg-open %s' >> etc/mailcap
|
||
|
# echo >> etc/mailcap
|
||
|
#fi
|
||
|
#if ! grep -q 'application/pdf' etc/mailcap ; then
|
||
|
# echo 'application/pdf; /usr/bin/xdg-open %s' >> etc/mailcap
|
||
|
# echo >> etc/mailcap
|
||
|
#fi
|
||
|
#if ! grep -q 'application/postscript' etc/mailcap ; then
|
||
|
# echo 'application/postscript ; /usr/bin/xdg-open %s' >> etc/mailcap
|
||
|
# echo >> etc/mailcap
|
||
|
#fi
|
||
|
#if ! grep -q '#text/html' etc/mailcap ; then
|
||
|
# echo '#text/html; /usr/bin/xdg-open %s ; copiousoutput' >> etc/mailcap
|
||
|
# echo >> etc/mailcap
|
||
|
#fi
|
||
|
|
||
|
## END
|
||
|
|