GNOME Bugzilla – Bug 342144
Ask dialog less secure for python clients
Last modified: 2011-03-09 16:20:28 UTC
The ask dialog currently prints two informations regarding the application that requests authorization:
1- The app name set from gnome_program_init;
2- The process exe name.
In case of python applications, the exe name is always /foo/bar/python. The program being executed is the first argument, which is not displayed. Thus, it is possible for a rogue program to pretend to be a well known and trust python program (e.g. gajim), and the user could never tell the difference.
My proposal would be to display the full command line (on linux, /proc/<pid>/cmdline) instead of the exe.
Created attachment 65689 [details]
screenshot showing what happens now for python programs
Created attachment 65696 [details] [review]
I think that we cannot use command line for all applications, just because for example clicking on a photo in nautilus would use "eog photo2.jpg" and would add an ACL entry for that exact command line and then clicking on photo3.jpg would request again auth.
Maybe we can just use an special case for java and python GNOME apps, but again not using the full command line only the "code" to use. I guess that it could be rather difficult, for exmple with java your code to exec is a combination of -classpath and something more for the main class.
You're right. I forgot about the ACLs; the patch's only intention was to change the string that is displayed to the user, not change any ACLs.
*** Bug 388374 has been marked as a duplicate of this bug. ***
We're working on a solution for this in 2.28, by reorganizing how ACLs work.
We no longer support ACLs.