Bug 183525

Summary: Make kde-open secure to be used in /etc/mailcap
Product: [Unmaintained] kio Reporter: Manuel Reimer <manuel.spam>
Component: generalAssignee: David Faure <faure>
Status: RESOLVED FIXED    
Severity: normal CC: faure
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Slackware   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:
Attachments: Patch for kde-open

Description Manuel Reimer 2009-02-07 08:27:56 UTC 
Version:            (using KDE 4.2.0)
OS:                Linux
Installed from:    Slackware Packages

As Firefox wants to be a "Gnome application", it most probably will never allow users to easily open files from web in the user's preferred application. The only way to tell firefox about some default applications, for distributors, is the /etc/mailcap file. So it would be nice to be able to use kde-open there, to link some MIME types to it and so to allow users to easily view files directly from web. To be able to do this, without opening a security hole, kde-open should be patched to not longer open executable files.

My attached patch will modify kde-open. Maybe it would be a better idea to create a new binary "kde-view", but for a patch, which creates a new binary, I would need some help by a experienced KDE developer...
Comment 1 Manuel Reimer 2009-02-07 08:29:48 UTC 
Created attachment 31070 [details]
Patch for kde-open
Comment 2 David Faure 2009-02-09 13:54:02 UTC 
SVN commit 923784 by dfaure:

Introduce a difference between kde-open and kioclient exec:
* kde-open will refuse to start executables, making it safer to use as the generic handler
to "open any file from the web or from an email with its associated program", as suggested
in 183525 (e.g. in /etc/mailcap).
* If starting of executables is wanted as well, kioclient exec can still be used.
Thanks for the patch!
BUG: 183525


 M  +9 -7      kioclient.cpp  
 M  +1 -1      kioclient.h  


WebSVN link: http://websvn.kde.org/?view=rev&revision=923784