Bug 264749

Summary:	KDE should execute scripts in .kde/env only if they have the executable permission set
Product:	[I don't know] kde	Reporter:	Alvaro Manuel Recio Perez <amrecio>
Component:	general	Assignee:	Unassigned bugs <unassigned-bugs-null>
Status:	RESOLVED NOT A BUG
Severity:	normal	CC:	adaptee
Priority:	NOR
Version First Reported In:	4.6
Target Milestone:	---
Platform:	Ubuntu
OS:	Linux
Latest Commit:		Version Fixed In:
Sentry Crash Report:

Description Alvaro Manuel Recio Perez 2011-01-29 15:22:39 UTC

Version:           4.6 (using KDE 4.6.0) 
OS:                Linux

Right now, KDE executes every script in .kde/env regardless of its executable permission. For coherency with the rest of the system and for security reasons, I think KDE should execute these scripts only if they have the executable permission set for them.

Reproducible: Always

Steps to Reproduce:
1. Create a script in .kde/env but don't make it executable.
2. Start KDE.

Actual Results:  
3. The script is executed.

Expected Results:  
The script should only be executed if it has executable permission.

Scripts in .kde/env are not restricted to setting environment variables. If a bug in another program can force it to drop a file there, the script will bi executed without being noticed the next time KDE is started.

Comment 1 Jekyll Wu 2011-07-09 15:02:11 UTC

I think you misunderstood the purpose of those files under ~/.kde4/env.

They are used for setting up extra environment variables for your KDE session. So they will and have to be *sourced*, not *executed*, by /usr/bin/startkde. The 
detail is listed below :

libpath=`kde4-config --path lib | tr : '\n'`$(echo -e '\n/etc/kde/lib/')

for prefix in `echo "$libpath" | sed -n -e 's,/lib[^/]*/,/env/,p'`; do
  for file in "$prefix"*.sh; do
    test -r "$file" && . "$file"
  done
done

So only read permission matters, and execution permission does not make difference.

Comment 2 Alvaro Manuel Recio Perez 2011-07-10 01:42:40 UTC

Yes, you're right, I mixed up the concepts. Sorry.