Advisory: Vulnerability in Opera's use of kfmclient
Since version 7.50, Opera for Linux has offered theuser a new way to open files which Opera can not openitself: "Open with kfmclient". This feature can beexploited to run malicious code on the user's computer.
The kfmclient is a part of the KDE desktop environment.It inspects the file given to it to determine its MIMEtype, and performs the action assigned to that MIME typein KDE's configuration. If the file type is an executable,kfmclient may execute it.
Opera will not save downloaded files with the executablefile permission set. On a normal Linux system this willprevent binary executables from being executed. Scriptsmay be executed, depending on KDE's settings.
There is one file type that will always be opened andinterpreted by KDE; the .desktop type. It can containan arbitrary shell command which will be executed byKDE when the file is opened. .desktop files are nottreated as executables, they will work without theexecutable file permission.
Opera 7.54u2 and the Opera 8.0 beta recognise .desktopfiles and show a stern warning when the user clicks "Open":
File is executable or contains an executable script.You may want to save the file to disk before using it."
Users who prefer that file types unknown to Opera arenot handled by kfmclient, can change that in Preferences >File types > Handlers for saved files. Select the "Files"row, and click "Change" to edit the name of the programto open the files with. For example a text editor, likeemacs or gedit.
Thanks to Giovanni Delvecchio, who brought this vulnerabilityin kfmclient to our attention