Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Implement qubes.OpenURL service instead of wrapping URLs in HTML

Browse Source 
This have many advantages:
 - prevent XSS (QubesOS/qubes-issues#1462)
 - use default browser instead of default HTML viewer
 - better qrexec policy control
 - easier to control where are opened files vs URLs

For now allow only http(s):// and ftp:// addresses (especially prevent
file://). But this list can be easily extended.

QubesOS/qubes-issues#1462
Fixes QubesOS/qubes-issues#1487
This commit is contained in:
Marek Marczykowski-Górecki 2016-05-17 21:50:20 +02:00
parent ff2678d2f5
commit 19921274e1
No known key found for this signature in database
GPG Key ID: 063938BA42CFA724
6 changed files with 28 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile
View File

@ -203,7 +203,6 @@ install-common:
install -m 0755 misc/qubes-session-autostart $(DESTDIR)/usr/bin/qubes-session-autostart install -m 0755 misc/qubes-session-autostart $(DESTDIR)/usr/bin/qubes-session-autostart
install qubes-rpc/{qvm-open-in-dvm,qvm-open-in-vm,qvm-copy-to-vm,qvm-move-to-vm,qvm-run,qvm-mru-entry} $(DESTDIR)/usr/bin install qubes-rpc/{qvm-open-in-dvm,qvm-open-in-vm,qvm-copy-to-vm,qvm-move-to-vm,qvm-run,qvm-mru-entry} $(DESTDIR)/usr/bin
install qubes-rpc/wrap-in-html-if-url.sh $(DESTDIR)$(LIBDIR)/qubes
install qubes-rpc/qvm-copy-to-vm.kde $(DESTDIR)$(LIBDIR)/qubes install qubes-rpc/qvm-copy-to-vm.kde $(DESTDIR)$(LIBDIR)/qubes
install qubes-rpc/qvm-copy-to-vm.gnome $(DESTDIR)$(LIBDIR)/qubes install qubes-rpc/qvm-copy-to-vm.gnome $(DESTDIR)$(LIBDIR)/qubes
install qubes-rpc/qvm-move-to-vm.kde $(DESTDIR)$(LIBDIR)/qubes install qubes-rpc/qvm-move-to-vm.kde $(DESTDIR)$(LIBDIR)/qubes
@ -222,6 +221,7 @@ install-common:
install -m 0644 qubes-rpc/{qvm-copy.desktop,qvm-move.desktop,qvm-dvm.desktop} $(DESTDIR)/$(KDESERVICEDIR) install -m 0644 qubes-rpc/{qvm-copy.desktop,qvm-move.desktop,qvm-dvm.desktop} $(DESTDIR)/$(KDESERVICEDIR)
install -d $(DESTDIR)/etc/qubes-rpc install -d $(DESTDIR)/etc/qubes-rpc
install -m 0644 qubes-rpc/{qubes.Filecopy,qubes.OpenInVM,qubes.VMShell,qubes.SyncNtpClock} $(DESTDIR)/etc/qubes-rpc install -m 0644 qubes-rpc/{qubes.Filecopy,qubes.OpenInVM,qubes.VMShell,qubes.SyncNtpClock} $(DESTDIR)/etc/qubes-rpc
install -m 0755 qubes-rpc/qubes.OpenURL $(DESTDIR)/etc/qubes-rpc
install -m 0644 qubes-rpc/{qubes.SuspendPre,qubes.SuspendPost,qubes.GetAppmenus} $(DESTDIR)/etc/qubes-rpc install -m 0644 qubes-rpc/{qubes.SuspendPre,qubes.SuspendPost,qubes.GetAppmenus} $(DESTDIR)/etc/qubes-rpc
install -m 0755 qubes-rpc/qubes.SuspendPreAll $(DESTDIR)/etc/qubes-rpc install -m 0755 qubes-rpc/qubes.SuspendPreAll $(DESTDIR)/etc/qubes-rpc
install -m 0755 qubes-rpc/qubes.SuspendPostAll $(DESTDIR)/etc/qubes-rpc install -m 0755 qubes-rpc/qubes.SuspendPostAll $(DESTDIR)/etc/qubes-rpc

16
qubes-rpc/qubes.OpenURL Executable file
View File

@ -0,0 +1,16 @@
#!/bin/sh
read url
case "$url" in
http://*|\
https://*|\
ftp://*)
exec qubes-open "$url"
;;
*)
echo "Invalid URL" >&2
exit 1
;;
esac

5
qubes-rpc/qvm-open-in-dvm
View File

@ -25,7 +25,4 @@ if ! [ $# = 1 ] ; then
exit 1 exit 1
fi fi
. /usr/lib/qubes/wrap-in-html-if-url.sh exec qvm-open-in-vm '$dispvm' "$1"
wrap_in_html_if_url "$1"
exec /usr/lib/qubes/qrexec-client-vm '$dispvm' qubes.OpenInVM "/usr/lib/qubes/qopen-in-vm" "$FILE_ARGUMENT"

12
qubes-rpc/qvm-open-in-vm
View File

@ -24,6 +24,12 @@ if ! [ $# = 2 ] ; then
echo "Usage: $0 vmname filename" echo "Usage: $0 vmname filename"
exit 1 exit 1
fi fi
. /usr/lib/qubes/wrap-in-html-if-url.sh
wrap_in_html_if_url "$2" case "$2" in
exec /usr/lib/qubes/qrexec-client-vm "$1" qubes.OpenInVM "/usr/lib/qubes/qopen-in-vm" "$FILE_ARGUMENT" *://*)
exec /usr/lib/qubes/qrexec-client-vm "$1" qubes.OpenURL /bin/echo "$2"
;;
*)
exec /usr/lib/qubes/qrexec-client-vm "$1" qubes.OpenInVM "/usr/lib/qubes/qopen-in-vm" "$2"
;;
esac

19
qubes-rpc/wrap-in-html-if-url.sh
View File

@ -1,19 +0,0 @@
#!/bin/sh
wrap_in_html_if_url()
{
case "$1" in
*://*)
FILE_ARGUMENT=$(mktemp)
echo -n '<html><meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>'
echo -n '<meta HTTP-EQUIV="REFRESH" content="0; url=' > $FILE_ARGUMENT
echo -n "$1" | sed 's/&/\&amp;/g; s/</\&lt;/g; s/>/\&gt;/g; s/"/\&quot;/g; s/'"'"'/\&#39;/g' >> $FILE_ARGUMENT
echo '"/></html>' >> $FILE_ARGUMENT
;;
*)
FILE_ARGUMENT="$1"
;;
esac
}

2
rpm_spec/core-vm.spec
View File

@ -333,6 +333,7 @@ rm -f %{name}-%{version}
%dir /etc/qubes-rpc %dir /etc/qubes-rpc
%config(noreplace) /etc/qubes-rpc/qubes.Filecopy %config(noreplace) /etc/qubes-rpc/qubes.Filecopy
%config(noreplace) /etc/qubes-rpc/qubes.OpenInVM %config(noreplace) /etc/qubes-rpc/qubes.OpenInVM
%config(noreplace) /etc/qubes-rpc/qubes.OpenURL
%config(noreplace) /etc/qubes-rpc/qubes.GetAppmenus %config(noreplace) /etc/qubes-rpc/qubes.GetAppmenus
%config(noreplace) /etc/qubes-rpc/qubes.VMShell %config(noreplace) /etc/qubes-rpc/qubes.VMShell
%config(noreplace) /etc/qubes-rpc/qubes.SyncNtpClock %config(noreplace) /etc/qubes-rpc/qubes.SyncNtpClock
@ -415,7 +416,6 @@ rm -f %{name}-%{version}
/usr/lib/qubes/setup-ip /usr/lib/qubes/setup-ip
/usr/lib/qubes/tar2qfile /usr/lib/qubes/tar2qfile
/usr/lib/qubes/vm-file-editor /usr/lib/qubes/vm-file-editor
/usr/lib/qubes/wrap-in-html-if-url.sh
/usr/lib/qubes/iptables-updates-proxy /usr/lib/qubes/iptables-updates-proxy
/usr/lib/qubes/close-window /usr/lib/qubes/close-window
/usr/lib/qubes/xdg-icon /usr/lib/qubes/xdg-icon