pcmanfm doesn't escape spaces in filenames it executes
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
PCManFM |
Unknown
|
Unknown
|
|||
pcmanfm (Ubuntu) |
Fix Released
|
Medium
|
Unassigned |
Bug Description
Binary package hint: pcmanfm
When you double-click on a file to execute in pcmanfm, this will only succeed if there are no spaces in its absolute path. Spaces in the filename or in any directories in the file's full path are not escaped -- consequently, double-clicking on a file with its executable bit set results in pcmanfm attempting to execute the file whose path consists of all the characters in the original file's path before the first space. (Typically that file, if different from the original, would not exist.)
I have already reproduced this bug with the latest upstream git sources and reported it on the upstream tracker:
http://
This bug is also either similar or idential to a bug previously reported last month, which was believed to be fixed in the latest git sources and marked out-of-date on the upstream tracker:
http://
The reason I am filing a report here even though I have no reason to think the issue is specific to Ubuntu and I have reported it upstream, is that it seems to me that this bug is significant enough that, once fixed, the fix ought to be backported to pcmanfm in supported Ubuntu releases.
Note that this is not the same bug as Bug 686526, which applies to the URI created and passed via the --extract-here flag to file-roller. This is also not the same as the bug with upstream (SourceForge) ID 3096318 (referenced in Bug 686526), which applied to the opening (not executing) of files with certain associations.
Theoretically, this is a security vulnerabilty, in that it could be exploited on a multi-user system (or any system that mounts a drive shared between systems) to cause a user to execute a malicious executable inside a sticky directory. However, I am not flagging this as a security vulnerability. Should I? That is one of the reasons I think its fix, once committed to the upstream git tree, should be backported to previous versions in Ubuntu. But it seems that the insecurity produced by this bug is small, while the unusability produced by it is large and the primary reason it should be fixed.
ProblemType: Bug
DistroRelease: Ubuntu 10.10
Package: pcmanfm 0.9.7-1ubuntu1
ProcVersionSign
Uname: Linux 2.6.35-24-generic x86_64
Architecture: amd64
Date: Thu Dec 23 20:59:07 2010
ExecutablePath: /usr/bin/pcmanfm
InstallationMedia: Xubuntu 10.04 "Lucid Lynx" - Beta amd64 (20100406)
Pref_Config_
[Preferred Applications]
WebBrowser=
MailClient=
ProcEnviron:
LANGUAGE=
LANG=en_US.utf8
LC_MESSAGES=
SHELL=/bin/bash
RelatedPackageV
libmenu-cache1 0.3.2-2
pcmanfm 0.9.7-1ubuntu1
udisks 1.0.1+git20100614-3
gvfs 1.6.4-0ubuntu1.1
SourcePackage: pcmanfm
Thanks for reporting this bug and any supporting documentation. Since this bug has enough information provided for a developer to begin work, I'm going to mark it as confirmed and let them handle it from here.
Thanks for reporting this bug to the developers of the software. You can track it and make comments at: http:// sourceforge. net/support/ tracker. php?aid= 3143296
Thanks for taking the time to make Ubuntu better!