This is a copy of https://sourceforge.net/p/pcmanfm/feature-requests/436/
When called with a regular file as CLI argument, PCManFM (as well as several other file managers) delegate to another program (based on file type inferred from file extension or file content) for opening the file.
Moreover, PCManFM is associated with the inode/directory pseudo MIME type (Exec=pcmanfm %U).
This makes it possible for a malicious web server to trick the user into believing he is about to open a file with the file manager whereas he is actually going to open it with another software (https://www.openwall.com/lists/oss-security/2023/01/05/1).
It might make sense to prevent PCManFM invocation triggered through file type association to trigger invocation of other programs.
This might be implemented either by:
Solution 1: not invoking other programs when passed a regular file as CLI argument
Instead, PCManFM would only open the directory containing the file (and possibly preselect the file).
This arguably makes sense from a user's point of view:
- it makes a lot of sense to actually open a PCManFM window when the
pcmanfm command is invoked;
- this is actually what is documented in the man page.
However, this would break xdg-open which currently relies on pcmanfm to handle regular files under LXDE.
Solution 2: adding a --directory parameter in the Exec line
When invoked with this extra argument, pcmanfm would reject opening non-directory files. This would preserve the existing behavior (including compatibility for xdg-open).
This is a copy of https://sourceforge.net/p/pcmanfm/feature-requests/436/
When called with a regular file as CLI argument, PCManFM (as well as several other file managers) delegate to another program (based on file type inferred from file extension or file content) for opening the file.
Moreover, PCManFM is associated with the
inode/directorypseudo MIME type (Exec=pcmanfm %U).This makes it possible for a malicious web server to trick the user into believing he is about to open a file with the file manager whereas he is actually going to open it with another software (https://www.openwall.com/lists/oss-security/2023/01/05/1).
It might make sense to prevent PCManFM invocation triggered through file type association to trigger invocation of other programs.
This might be implemented either by:
Solution 1: not invoking other programs when passed a regular file as CLI argument
Instead, PCManFM would only open the directory containing the file (and possibly preselect the file).
This arguably makes sense from a user's point of view:
pcmanfmcommand is invoked;However, this would break
xdg-openwhich currently relies onpcmanfmto handle regular files under LXDE.Solution 2: adding a
--directoryparameter in theExeclineWhen invoked with this extra argument, pcmanfm would reject opening non-directory files. This would preserve the existing behavior (including compatibility for
xdg-open).