[ubuntu-hardened] Nautilus 3.24 and Execute-Permission Bit Required

Marc Deslauriers marc.deslauriers at canonical.com
Mon May 1 01:13:07 UTC 2017


On 2017-04-30 06:12 PM, Jeremy Bicha wrote:
> In 2010, the Ubuntu Security Team asked for and received Ubuntu Tech
> Board approval for a policy [1] that created nautilus'
> 06_never_exec_nonexec_launchers.patch [2].
> To launch a .desktop file in the home folder, Nautilus requires that
> it be marked as executable. Nautilus 3.24 strengthened security by
> requiring that it be marked as trusted in the user's gvfs database
> [3]. Ubuntu 17.10 "Artful" now has Nautilus 3.24.
> The problem is that all existing .desktop launchers now in the home
> directory no longer work. And there is not an easy way for a user to
> bypass this like they could before 17.10. [4]
> Without Ubuntu's patch, Nautilus provides a "Trust and Launch" button.
> I have a temporary PPA [5] if you want to test how this works. Be sure
> to completely kill nautilus after changing your nautilus version since
> it continues to run in the background.
> Here are some possibilities:
> 1. Keep things as are. Existing .desktop launchers will stop working.
> We can hope that tools that allow a user to drag-and-drop .desktops to
> the home folder will add the metadata themselves. GNOME's Applications
> menu extension does this now. [6]
> 2. Revert the 3.24 change in order to restore 3.22 behavior.
> 3. Drop Ubuntu's patch. I believe this would need Tech Board approval.

I strongly believe we should still require executable permissions, and should
not display an easy click-through dialog to set them.

The additional Nautilus requirement of marking an executable trusted in the
user's gvfs database is an improvement on top of that.

The 06_never_exec_nonexec_launchers.patch simply needs to be updated so that
Nautilus will display the "Trust and Launch" button only when execute
permissions are present on the .desktop file.


More information about the ubuntu-hardened mailing list