#!/bin/sh # Regarding xdg-open in /etc/mailcap: # # It turns out that xdg-open is not very smart about what it # passes off control to, leading to security problems where (for # example) a file could be provided on a web site as a PDF, but # rather than send it to a PDF viewer, xdg-open sends it to kfmclient # which uses a whole different set of criteria to determine what sort # of file it is. It's trivial to make something that's detected as # a PDF at first, but then is executed as a .desktop file later, # resulting in the execution of arbitrary code as the user. # # This is not acceptable, and we see no way to fix it as long as # xdg-open passes off the resolution of the file type (again) to # something else. In light of the potential security risks, we # will turn off the use of xdg-open if it appears to have been # added by a previous version of the xdg-utils package. # # Vulnerability code: CVE-2009-0068 # First, we will detect an automatically modified mailcap by # looking for the comment "# Sample xdg-open entries:" if [ -r etc/mailcap ]; then if grep -q "^# Sample xdg-open entries:$" etc/mailcap ; then COOKIE=$(usr/bin/mcookie) if [ -z $COOKIE ]; then exit 1 fi # First, add a space to the end of the comment used to detect this # junk so that we won't detect it again (in case the user decides # to enable this themselves later on -- their call). Add a warning # about this type of xdg-open use being insecure. Finally, comment # out any lines like this. echo "# Sample xdg-open entries: " > tmp/mailcap-$COOKIE cat << EOF >> tmp/mailcap-$COOKIE # # NOTE: Using xdg-open in /etc/mailcap in this way has been # shown to be insecure and is not recommended (CVE-2009-0068)! # A remote attacker can easily make a filetype such as a # .desktop script appear to xdg-open as a PDF file causing its # arbitrary contents to be executed. Consider these to be # examples of what NOT to do. The xdg-utils package no longer # adds any lines such as these to /etc/mailcap. # EOF cat etc/mailcap \ | grep -v "# Sample xdg-open entries:" \ | sed -e 's/^audio\/\*; \/usr\/bin\/xdg-open %s/#audio\/\*; \/usr\/bin\/xdg-open %s/g' \ | sed -e 's/^image\/\*; \/usr\/bin\/xdg-open %s/#image\/\*; \/usr\/bin\/xdg-open %s/g' \ | sed -e 's/^application\/msword; \/usr\/bin\/xdg-open %s/#application\/msword; \/usr\/bin\/xdg-open %s/g' \ | sed -e 's/^application\/pdf; \/usr\/bin\/xdg-open %s/#application\/pdf; \/usr\/bin\/xdg-open %s/g' \ | sed -e 's/^application\/postscript ; \/usr\/bin\/xdg-open %s/#application\/postscript ; \/usr\/bin\/xdg-open %s/g' \ | sed -e 's/^text\/html; \/usr\/bin\/xdg-open %s ; copiousoutput/#text\/html; \/usr\/bin\/xdg-open %s ; copiousoutput/g' >> tmp/mailcap-$COOKIE cat tmp/mailcap-$COOKIE > etc/mailcap rm -f tmp/mailcap-$COOKIE fi fi ## BEGIN (HERE IS WHAT CAUSED THIS MESS): ## Add some reasonable default values for xdg-open to /etc/mailcap, ## since this is where many programs look for this information: # #if ! grep -q '# Sample xdg-open entries:' etc/mailcap 1> /dev/null 2> /dev/null ; then # echo "# Sample xdg-open entries:" >> etc/mailcap # echo >> etc/mailcap #fi #if ! grep -q 'audio/' etc/mailcap ; then # echo 'audio/*; /usr/bin/xdg-open %s' >> etc/mailcap # echo >> etc/mailcap #fi #if ! grep -q 'image/' etc/mailcap ; then # echo 'image/*; /usr/bin/xdg-open %s' >> etc/mailcap # echo >> etc/mailcap #fi #if ! grep -q 'application/msword' etc/mailcap ; then # echo 'application/msword; /usr/bin/xdg-open %s' >> etc/mailcap # echo >> etc/mailcap #fi #if ! grep -q 'application/pdf' etc/mailcap ; then # echo 'application/pdf; /usr/bin/xdg-open %s' >> etc/mailcap # echo >> etc/mailcap #fi #if ! grep -q 'application/postscript' etc/mailcap ; then # echo 'application/postscript ; /usr/bin/xdg-open %s' >> etc/mailcap # echo >> etc/mailcap #fi #if ! grep -q '#text/html' etc/mailcap ; then # echo '#text/html; /usr/bin/xdg-open %s ; copiousoutput' >> etc/mailcap # echo >> etc/mailcap #fi ## END