Skip to content

Protection against file type spoofing #54

Description

@randomstuff

This is a copy of https://sourceforge.net/p/pcmanfm/feature-requests/436/

When called with a regular file as CLI argument, PCManFM (as well as several other file managers) delegate to another program (based on file type inferred from file extension or file content) for opening the file.

Moreover, PCManFM is associated with the inode/directory pseudo MIME type (Exec=pcmanfm %U).

This makes it possible for a malicious web server to trick the user into believing he is about to open a file with the file manager whereas he is actually going to open it with another software (https://www.openwall.com/lists/oss-security/2023/01/05/1).

It might make sense to prevent PCManFM invocation triggered through file type association to trigger invocation of other programs.

This might be implemented either by:

Solution 1: not invoking other programs when passed a regular file as CLI argument

Instead, PCManFM would only open the directory containing the file (and possibly preselect the file).

This arguably makes sense from a user's point of view:

  1. it makes a lot of sense to actually open a PCManFM window when the pcmanfm command is invoked;
  2. this is actually what is documented in the man page.

However, this would break xdg-open which currently relies on pcmanfm to handle regular files under LXDE.

Solution 2: adding a --directory parameter in the Exec line

When invoked with this extra argument, pcmanfm would reject opening non-directory files. This would preserve the existing behavior (including compatibility for xdg-open).

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions