Search the knowledgebase


Advisory: Vulnerability in Opera's use of kfmclient

Severity: Moderate

Since version 7.50, Opera for Linux has offered the user a new way to open files which Opera can not open itself: "Open with kfmclient". This feature can be exploited to run malicious code on the user's computer.

Problem description

The kfmclient is a part of the KDE desktop environment. It inspects the file given to it to determine its MIME type, and performs the action assigned to that MIME type in KDE's configuration. If the file type is an executable, kfmclient may execute it.

Opera will not save downloaded files with the executable file permission set. On a normal Linux system this will prevent binary executables from being executed. Scripts may be executed, depending on KDE's settings.

There is one file type that will always be opened and interpreted by KDE; the .desktop type. It can contain an arbitrary shell command which will be executed by KDE when the file is opened. .desktop files are not treated as executables, they will work without the executable file permission.

Opera's response

Opera 7.54u2 and the Opera 8.0 beta recognise .desktop files and show a stern warning when the user clicks "Open":

"WARNING
File is executable or contains an executable script. You may want to save the file to disk before using it."

Users who prefer that file types unknown to Opera are not handled by kfmclient, can change that in Preferences > File types > Handlers for saved files. Select the "Files" row, and click "Change" to edit the name of the program to open the files with. For example a text editor, like emacs or gedit.

Credits

Thanks to Giovanni Delvecchio, who brought this vulnerability in kfmclient to our attention

Browse through articles in the same categories: advisory