Bug 96730 - RFE: insecure use of $KDE_SESSION_VERSION
Status: RESOLVED INVALID
Alias: None
Product: Portland
Classification: Unclassified
Component: xdg-utils
Version: unspecified
Hardware: Other All
Importance: medium normal
Assignee: Portland Bugs
 
Reported: 2016-06-29 16:20 UTC by Rex Dieter
Modified: 2016-06-29 16:51 UTC

Description Rex Dieter 2016-06-29 16:20:58 UTC
Seems xdg-utils' use of $KDE_SESSION_VERSION is (potentially) insecure.  See also
https://bugs.freedesktop.org/show_bug.cgi?id=96713#c3

Could consider probing for kde/plasma similar to how gnome3 is done, via dbus, candidates include:


plasma5:
qdbus org.kde.plasmashell /MainApplication org.qtproject.Qt.QCoreApplication.applicationVersion
matches string "5.*"

plasma4:
qdbus org.kde.plasma-desktop /MainApplication org.qtproject.Qt.QCoreApplication.applicationName
matches string "plasma-desktop"
Comment 1 Rex Dieter 2016-06-29 16:51:03 UTC
OK, upon feedback and further reflection, it's mostly fine as-is within your own session (things only get tricky propagating it via pkexec or similar).
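
The D-Bus probe suggested in the description, written out as shell functions. This is an added example, not part of the bug report and not xdg-utils code: `QDBUS`, `probe_kde_version` and `check_kde_session_version` are hypothetical names, while the service names and match strings are the ones quoted in the description.

```shell
#!/bin/sh
# Added illustration; not xdg-utils code.
# QDBUS is a hypothetical override hook so the probe can be pointed at a
# stub when no session bus is available.
QDBUS="${QDBUS:-qdbus}"

# Print "5" for Plasma 5, "4" for Plasma 4, nothing otherwise.
# The answer comes from what is registered on the session bus, not from
# $KDE_SESSION_VERSION, which whoever starts the process can set freely.
probe_kde_version() {
    # plasma5: applicationVersion of org.kde.plasmashell matches "5.*"
    ver=$("$QDBUS" org.kde.plasmashell /MainApplication \
        org.qtproject.Qt.QCoreApplication.applicationVersion 2>/dev/null) || ver=
    case "$ver" in
        5.*) echo 5; return 0 ;;
    esac
    # plasma4: applicationName of org.kde.plasma-desktop is "plasma-desktop"
    name=$("$QDBUS" org.kde.plasma-desktop /MainApplication \
        org.qtproject.Qt.QCoreApplication.applicationName 2>/dev/null) || name=
    [ "$name" = "plasma-desktop" ] && { echo 4; return 0; }
    return 1
}

# Compare the environment's claim with the probe result.
# Returns 0: they agree; 1: they disagree or the variable is unset or
# malformed; 2: no Plasma shell answered on the bus.
check_kde_session_version() {
    probed=$(probe_kde_version) || return 2
    case "${KDE_SESSION_VERSION:-}" in
        ''|*[!0-9]*) return 1 ;;   # unset, or not a plain number
    esac
    [ "$KDE_SESSION_VERSION" = "$probed" ]
}
```

A caller that crosses a privilege boundary (the pkexec case from comment 1) can treat any non-zero status as a reason to ignore the inherited variable.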