On Sun, 15 Mar 2020 at 14:42:48 -0400, Boyuan Yang wrote:
> I am not sure why evince wants to use Shell to execute external process. Anyway
> this must be a regression.

This is a regression with GLib 2.64.x. Older versions of glib2.0 use an
external helper program, /usr/libexec/gio-launch-desktop (patched to be
/usr/lib/*/glib-2.0/gio-launch-desktop in Debian), to launch .desktop
files (including URI scheme handlers) with $GIO_LAUNCHED_DESKTOP_FILE_PID
in the environment. Newer versions use /bin/sh -c to implement the helper
as a one-line shell script, using argv and "$@" to avoid shell-injection
vulnerabilities.

This can be resolved without giving evince extra privileges by adding
"/{usr/,}bin/{bash,dash} ixr", which makes the shell inherit the same
security profile as evince itself (so it can't do anything evince couldn't
already do). I'll commit that soon.

    smcv
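
The launcher pattern described in the message above, sketched as an added example that is not part of the original message and is not GLib's source. The function names and the sample file name are constructed; the contrast form shows what passing arguments through "$@" avoids.

```shell
#!/bin/sh
# Added illustration of the "/bin/sh -c ... with argv and "$@"" pattern.

# Safe form: the script text is a constant. The command and its arguments
# travel as separate argv entries and are only expanded through "$@".
launch_argv() {
    /bin/sh -c 'export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec "$@"' sh "$@"
}

# Contrast form: arguments are pasted into the script text, so the helper
# shell parses them as shell syntax a second time.
launch_interpolated() {
    /bin/sh -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=\$\$; exec $*"
}

# Constructed sample: a file name containing a command substitution.
HOSTILE='report-$(echo INJECTED).pdf'

# With "$@" the name reaches the program byte for byte.
safe_result() { launch_argv echo "$HOSTILE"; }

# With interpolation the substitution is evaluated by the helper shell.
unsafe_result() { launch_interpolated echo "$HOSTILE"; }

# Because the helper uses exec, the launched program keeps the helper's PID,
# so the exported variable names the launched process itself.
pid_matches() {
    launch_argv /bin/sh -c '[ "$GIO_LAUNCHED_DESKTOP_FILE_PID" = "$$" ]'
}

printf 'argv form:         %s\n' "$(safe_result)"
printf 'interpolated form: %s\n' "$(unsafe_result)"
pid_matches && echo 'GIO_LAUNCHED_DESKTOP_FILE_PID matches the launched PID'
```

Under a confined evince, the helper shell in this pattern is the process that needs the `ixr` rule mentioned above; the launched program is then executed from that inherited profile.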
