Bug 96730

Summary: RFE: insecure use of $KDE_SESSION_VERSION
Product: Portland
Reporter: Rex Dieter <rdieter>
Component: xdg-utils
Assignee: Portland Bugs <portland-bugs>
Status: RESOLVED INVALID
QA Contact:
Severity: normal
Priority: medium
Version: unspecified
Hardware: Other
OS: All
Whiteboard:

Description Rex Dieter 2016-06-29 16:20:58 UTC
Seems xdg-utils' use of $KDE_SESSION_VERSION is (potentially) insecure. See also
https://bugs.freedesktop.org/show_bug.cgi?id=96713#c3

Could consider probing for kde/plasma similar to how gnome3 is done, via dbus, candidates include:


plasma5:
qdbus org.kde.plasmashell /MainApplication org.qtproject.Qt.QCoreApplication.applicationVersion
matches string "5.*"

plasma4:
qdbus org.kde.plasma-desktop /MainApplication org.qtproject.Qt.QCoreApplication.applicationName
matches string "plasma-desktop"

Comment 1 Rex Dieter 2016-06-29 16:51:03 UTC
OK, upon feedback and further reflection, it's mostly fine as-is within your own session (things only get tricky propagating it via pkexec or similar).
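
The D-Bus probes proposed in the description, written out as an added shell example (not part of the bug report and not xdg-utils code). It cross-checks the inherited $KDE_SESSION_VERSION against what the session bus reports. The function names `probe_kde_version` and `check_kde_session_version` are hypothetical, and the sketch assumes `qdbus` is on PATH and the session bus is reachable.

```shell
# Added example: ask the running Plasma shell for its identity over the
# session bus instead of trusting the inherited $KDE_SESSION_VERSION.
# Function names are hypothetical; the qdbus calls are the ones from the report.

# Print "5" or "4" when a Plasma shell answers on the bus; return 1 otherwise.
probe_kde_version() {
    # Plasma 5: applicationVersion must match "5.*"
    _v=$(qdbus org.kde.plasmashell /MainApplication \
        org.qtproject.Qt.QCoreApplication.applicationVersion 2>/dev/null) || _v=
    case "$_v" in
        5.*) echo 5; return 0 ;;
    esac
    # Plasma 4: applicationName must be exactly "plasma-desktop"
    _n=$(qdbus org.kde.plasma-desktop /MainApplication \
        org.qtproject.Qt.QCoreApplication.applicationName 2>/dev/null) || _n=
    if [ "$_n" = "plasma-desktop" ]; then
        echo 4
        return 0
    fi
    return 1
}

# Compare the environment variable with the bus answer.
# Prints "match N", "mismatch env=X bus=N" or "unverified env=X";
# returns non-zero whenever the variable could not be confirmed.
check_kde_session_version() {
    _env=${KDE_SESSION_VERSION-}
    if _bus=$(probe_kde_version); then
        if [ "$_env" = "$_bus" ]; then
            printf 'match %s\n' "$_bus"
            return 0
        fi
        printf 'mismatch env=%s bus=%s\n' "$_env" "$_bus"
        return 2
    fi
    # No Plasma shell answered (for example, no session bus after pkexec).
    printf 'unverified env=%s\n' "$_env"
    return 1
}
```

The "unverified" result covers the case raised in Comment 1: when the variable has been propagated into a context without the user's session bus, nothing is available to confirm it.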
