Compare commits
No commits in common. "6b260fa84e75944fd15c3fff1a77723086af2038" and "76ede03bd22aa44695a0f95a95c2edf46690b0e2" have entirely different histories.
6b260fa84e
...
76ede03bd2
|
@ -17,8 +17,3 @@ Copyright: 2020 KDE translators
|
||||||
Files: src/util/org.kde.kpmcore.helperinterface.conf
|
Files: src/util/org.kde.kpmcore.helperinterface.conf
|
||||||
License: MIT
|
License: MIT
|
||||||
Copyright: 2018 Andrius Štikonas <andrius@stikonas.eu>
|
Copyright: 2018 Andrius Štikonas <andrius@stikonas.eu>
|
||||||
|
|
||||||
# Just list of directories
|
|
||||||
Files: src/util/trustedprefixes
|
|
||||||
License: CC0-1.0
|
|
||||||
Copyright: None
|
|
||||||
|
|
|
@ -17,13 +17,10 @@ project(kpmcore VERSION ${RELEASE_SERVICE_VERSION})
|
||||||
set(SOVERSION "12")
|
set(SOVERSION "12")
|
||||||
add_definitions(-D'VERSION="${RELEASE_SERVICE_VERSION}"') #"
|
add_definitions(-D'VERSION="${RELEASE_SERVICE_VERSION}"') #"
|
||||||
|
|
||||||
|
|
||||||
set(CMAKE_USE_RELATIVE_PATHS OFF)
|
set(CMAKE_USE_RELATIVE_PATHS OFF)
|
||||||
set(CMAKE_BUILD_WITH_INSTALL_RPATH ON)
|
set(CMAKE_BUILD_WITH_INSTALL_RPATH ON)
|
||||||
|
|
||||||
# Note that KPMcore is restricted to only run binaries installed into trusted prefixes
|
|
||||||
# See src/util/trustedprefixes
|
|
||||||
# By default this is set to / and /usr which is good for majority of distros
|
|
||||||
|
|
||||||
# Dependencies
|
# Dependencies
|
||||||
set(QT_MIN_VERSION "5.15.0")
|
set(QT_MIN_VERSION "5.15.0")
|
||||||
set(KF5_MIN_VERSION "5.90")
|
set(KF5_MIN_VERSION "5.90")
|
||||||
|
|
|
@ -40,7 +40,7 @@
|
||||||
],
|
],
|
||||||
"Category": "BackendPlugin",
|
"Category": "BackendPlugin",
|
||||||
"Description": "A KDE Partition Manager dummy backend for testing purposes.",
|
"Description": "A KDE Partition Manager dummy backend for testing purposes.",
|
||||||
"Description[ca@valencia]": "Un dorsal fals per al gestor de particions de KDE amb la finalitat de fer proves.",
|
"Description[ca@valencia]": "Un dorsal fals per al gestor de particions del KDE amb la finalitat de fer proves.",
|
||||||
"Description[ca]": "Un dorsal fals per al gestor de particions del KDE amb la finalitat de fer proves.",
|
"Description[ca]": "Un dorsal fals per al gestor de particions del KDE amb la finalitat de fer proves.",
|
||||||
"Description[cs]": "Falešná podpůrná vrstva pro správce diskových oddílů KDE pro testovací účely.",
|
"Description[cs]": "Falešná podpůrná vrstva pro správce diskových oddílů KDE pro testovací účely.",
|
||||||
"Description[da]": "En KDE-partitionshåndtering med attrap-backend til testformål.",
|
"Description[da]": "En KDE-partitionshåndtering med attrap-backend til testformål.",
|
||||||
|
@ -75,7 +75,7 @@
|
||||||
"Id": "pmdummybackendplugin",
|
"Id": "pmdummybackendplugin",
|
||||||
"License": "GPL",
|
"License": "GPL",
|
||||||
"Name": "KDE Partition Manager Dummy Backend",
|
"Name": "KDE Partition Manager Dummy Backend",
|
||||||
"Name[ca@valencia]": "Dorsal fals del gestor de particions de KDE",
|
"Name[ca@valencia]": "Dorsal fals del gestor de particions del KDE",
|
||||||
"Name[ca]": "Dorsal fals del gestor de particions del KDE",
|
"Name[ca]": "Dorsal fals del gestor de particions del KDE",
|
||||||
"Name[cs]": "Podpůrná vrstva pro správce diskových oddílů pro KDE",
|
"Name[cs]": "Podpůrná vrstva pro správce diskových oddílů pro KDE",
|
||||||
"Name[da]": "KDE-partitionshåndtering med attrap-backend",
|
"Name[da]": "KDE-partitionshåndtering med attrap-backend",
|
||||||
|
|
|
@ -40,7 +40,7 @@
|
||||||
],
|
],
|
||||||
"Category": "BackendPlugin",
|
"Category": "BackendPlugin",
|
||||||
"Description": "A KDE Partition Manager sfdisk backend.",
|
"Description": "A KDE Partition Manager sfdisk backend.",
|
||||||
"Description[ca@valencia]": "Un dorsal «sfdisk» del gestor de particions de KDE.",
|
"Description[ca@valencia]": "Un dorsal «sfdisk» del gestor de particions del KDE.",
|
||||||
"Description[ca]": "Un dorsal «sfdisk» del gestor de particions del KDE.",
|
"Description[ca]": "Un dorsal «sfdisk» del gestor de particions del KDE.",
|
||||||
"Description[cs]": "Podpůrná vrstva sfdisk pro správce diskových oddílů pro KDE.",
|
"Description[cs]": "Podpůrná vrstva sfdisk pro správce diskových oddílů pro KDE.",
|
||||||
"Description[da]": "En KDE-partitionshåndtering med sfdisk-backend.",
|
"Description[da]": "En KDE-partitionshåndtering med sfdisk-backend.",
|
||||||
|
@ -75,7 +75,7 @@
|
||||||
"Id": "pmsfdiskbackendplugin",
|
"Id": "pmsfdiskbackendplugin",
|
||||||
"License": "GPL",
|
"License": "GPL",
|
||||||
"Name": "KDE Partition Manager sfdisk Backend",
|
"Name": "KDE Partition Manager sfdisk Backend",
|
||||||
"Name[ca@valencia]": "Dorsal «sfdisk» del gestor de particions de KDE",
|
"Name[ca@valencia]": "Dorsal «sfdisk» del gestor de particions del KDE",
|
||||||
"Name[ca]": "Dorsal «sfdisk» del gestor de particions del KDE",
|
"Name[ca]": "Dorsal «sfdisk» del gestor de particions del KDE",
|
||||||
"Name[cs]": "Podpůrná vrstva sfdisk pro správce diskových oddílů pro KDE",
|
"Name[cs]": "Podpůrná vrstva sfdisk pro správce diskových oddílů pro KDE",
|
||||||
"Name[da]": "KDE-partitionshåndtering med sfdisk-backend",
|
"Name[da]": "KDE-partitionshåndtering med sfdisk-backend",
|
||||||
|
|
|
@ -11,16 +11,6 @@
|
||||||
|
|
||||||
set(helper_interface_xml org.kde.kpmcore.helperinterface.xml)
|
set(helper_interface_xml org.kde.kpmcore.helperinterface.xml)
|
||||||
|
|
||||||
FILE(READ "util/trustedprefixes" TRUSTED_PREFIXES)
|
|
||||||
STRING(REGEX REPLACE ";" "\\\\;" TRUSTED_PREFIXES "${TRUSTED_PREFIXES}")
|
|
||||||
STRING(REGEX REPLACE "\n" ";" TRUSTED_PREFIXES "${TRUSTED_PREFIXES}")
|
|
||||||
foreach(TRUSTED_PREFIX ${TRUSTED_PREFIXES})
|
|
||||||
list(APPEND TRUSTED_PREFIXES_LIST " QStringLiteral(\"${TRUSTED_PREFIX}\")")
|
|
||||||
endforeach()
|
|
||||||
string(REPLACE "; QStringLiteral(" ",\n QStringLiteral(" TRUSTED_PREFIXES_LIST "${TRUSTED_PREFIXES_LIST}")
|
|
||||||
set_property(DIRECTORY APPEND PROPERTY CMAKE_CONFIGURE_DEPENDS util/trustedprefixes)
|
|
||||||
configure_file(util/externalcommand_trustedprefixes.h.in util/externalcommand_trustedprefixes.h)
|
|
||||||
|
|
||||||
qt_generate_dbus_interface(
|
qt_generate_dbus_interface(
|
||||||
util/externalcommand.h
|
util/externalcommand.h
|
||||||
${application_interface_xml}
|
${application_interface_xml}
|
||||||
|
|
|
@ -1,8 +0,0 @@
|
||||||
/*
|
|
||||||
SPDX-FileCopyrightText: 2022 Andrius Štikonas <andrius@stikonas.eu>
|
|
||||||
SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
*/
|
|
||||||
|
|
||||||
const std::unordered_set<QString> trustedPrefixes {
|
|
||||||
@TRUSTED_PREFIXES_LIST@
|
|
||||||
};
|
|
|
@ -9,7 +9,6 @@
|
||||||
#define KPMCORE_EXTERNALCOMMAND_WHITELIST_H
|
#define KPMCORE_EXTERNALCOMMAND_WHITELIST_H
|
||||||
|
|
||||||
#include <unordered_set>
|
#include <unordered_set>
|
||||||
#include "util/externalcommand_trustedprefixes.h"
|
|
||||||
|
|
||||||
const std::unordered_set<QString> allowedCommands {
|
const std::unordered_set<QString> allowedCommands {
|
||||||
// TODO no root needed
|
// TODO no root needed
|
||||||
|
|
|
@ -19,10 +19,8 @@
|
||||||
|
|
||||||
#include <QCoreApplication>
|
#include <QCoreApplication>
|
||||||
#include <QDebug>
|
#include <QDebug>
|
||||||
#include <QDir>
|
|
||||||
#include <QElapsedTimer>
|
#include <QElapsedTimer>
|
||||||
#include <QFile>
|
#include <QFile>
|
||||||
#include <QFileInfo>
|
|
||||||
#include <QString>
|
#include <QString>
|
||||||
#include <QVariant>
|
#include <QVariant>
|
||||||
|
|
||||||
|
@ -348,23 +346,9 @@ QVariantMap ExternalCommandHelper::RunCommand(const QString& command, const QStr
|
||||||
}
|
}
|
||||||
|
|
||||||
// Compare with command whitelist
|
// Compare with command whitelist
|
||||||
QFileInfo fileInfo(command);
|
QString basename = command.mid(command.lastIndexOf(QLatin1Char('/')) + 1);
|
||||||
QString basename = fileInfo.fileName();
|
|
||||||
if (allowedCommands.find(basename) == allowedCommands.end()) { // TODO: C++20: replace with contains
|
if (allowedCommands.find(basename) == allowedCommands.end()) { // TODO: C++20: replace with contains
|
||||||
qInfo() << command << "command is not one of the whitelisted commands";
|
qInfo() << command <<" command is not one of the whitelisted command";
|
||||||
reply[QStringLiteral("success")] = false;
|
|
||||||
return reply;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Make sure command is located in the trusted prefix
|
|
||||||
QDir prefix = fileInfo.absoluteDir();
|
|
||||||
QString dirname = prefix.dirName();
|
|
||||||
if (dirname == QStringLiteral("bin") || dirname == QStringLiteral("sbin")) {
|
|
||||||
prefix.cdUp();
|
|
||||||
}
|
|
||||||
if (trustedPrefixes.find(prefix.path()) == trustedPrefixes.end()) { // TODO: C++20: replace with contains
|
|
||||||
qInfo() << prefix.path() << "prefix is not one of the trusted command prefixes";
|
|
||||||
reply[QStringLiteral("success")] = false;
|
|
||||||
return reply;
|
return reply;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
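Review bot: On the new side of `ExternalCommandHelper::RunCommand` a command is authorised by its file name alone, because `basename` is whatever follows the last `/` and is the only value compared with `allowedCommands`. The directory part of `command` is never examined, so a binary in any location passes as long as its file name is on the allowlist. Because this is the privileged helper, the location check from the other side of the comparison should be kept: build a `QFileInfo` from `command`, take `absoluteDir()` (stepping up from `bin`/`sbin`), and reject when `trustedPrefixes.find(prefix.path()) == trustedPrefixes.end()`. That also needs the `<QDir>` and `<QFileInfo>` includes from this section's first hunk and the generated trusted-prefixes header. As rendered, the new rejection branch also goes from the `qInfo()` line straight to `return reply;` without `reply[QStringLiteral("success")] = false;`; the function starts and ends outside the hunk, so confirm that `success` cannot still be true at that point.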
|
@ -11,7 +11,6 @@ SPDX-License-Identifier: CC0-1.0
|
||||||
<action id="org.kde.kpmcore.externalcommand.init" >
|
<action id="org.kde.kpmcore.externalcommand.init" >
|
||||||
<description>Run privileged partition manager helper</description>
|
<description>Run privileged partition manager helper</description>
|
||||||
<description xml:lang="ca">Executa l'ajudant del gestor de particions amb privilegis</description>
|
<description xml:lang="ca">Executa l'ajudant del gestor de particions amb privilegis</description>
|
||||||
<description xml:lang="ca@valencia">Executa l'ajudant del gestor de particions amb privilegis</description>
|
|
||||||
<description xml:lang="en_GB">Run privileged partition manager helper</description>
|
<description xml:lang="en_GB">Run privileged partition manager helper</description>
|
||||||
<description xml:lang="es">Ejecutar la aplicación auxiliar de gestión de particiones con privilegios</description>
|
<description xml:lang="es">Ejecutar la aplicación auxiliar de gestión de particiones con privilegios</description>
|
||||||
<description xml:lang="fr">Lancer l'assistant de gestionnaire de partition en mode administrateur</description>
|
<description xml:lang="fr">Lancer l'assistant de gestionnaire de partition en mode administrateur</description>
|
||||||
|
|
|
@ -1,2 +0,0 @@
|
||||||
/
|
|
||||||
/usr
|
|