Local application launchers can't be set as trusted

Bug #1687179 reported by corrado venturini
22
This bug affects 3 people
Affects Status Importance Assigned to Milestone
nautilus (Ubuntu)
Medium
Unassigned

Bug Description

After Nautilus update to 1:3.24.1 desktop icons are unusable. I get a message 'Untrusted application launcher' also if in icon properties Allow executing file..' is selected.
corrado@corrado-art-uni:~$ apt-cache policy nautilus
nautilus:
  Installed: 1:3.24.1-0ubuntu1
  Candidate: 1:3.24.1-0ubuntu1
  Version table:
 *** 1:3.24.1-0ubuntu1 500
        500 http://archive.ubuntu.com/ubuntu artful/main amd64 Packages
        100 /var/lib/dpkg/status
corrado@corrado-art-uni:~$

Same problem on Ubuntu 17.10 Unity and GNOME

ProblemType: Bug
DistroRelease: Ubuntu 17.10
Package: nautilus 1:3.24.1-0ubuntu1
ProcVersionSignature: Ubuntu 4.10.0-20.22-generic 4.10.8
Uname: Linux 4.10.0-20-generic x86_64
ApportVersion: 2.20.4-0ubuntu4
Architecture: amd64
CurrentDesktop: Unity:Unity7
Date: Sat Apr 29 11:56:55 2017
ExecutablePath: /usr/bin/nautilus-desktop
GsettingsChanges:
 b'org.gnome.nautilus.window-state' b'sidebar-width' b'271'
 b'org.gnome.nautilus.window-state' b'geometry' b"'890x550+576+255'"
InstallationDate: Installed on 2017-04-28 (1 days ago)
InstallationMedia: Ubuntu 17.10 "Artful Aardvark" - Alpha amd64 (20170427)
SourcePackage: nautilus
UpgradeStatus: No upgrade log present (probably fresh install)
usr_lib_nautilus: gnome-terminal 3.20.2-1ubuntu8

Revision history for this message
corrado venturini (corradoventu) wrote :
Revision history for this message
corrado venturini (corradoventu) wrote :

Same problem on Ubuntu 17.10 GNOME on different hardware:
corrado@corrado-HP-aGnome:~$ inxi -Fx
System: Host: corrado-HP-aGnome Kernel: 4.10.0-20-generic x86_64 (64 bit gcc: 6.3.0)
           Desktop: Gnome 3.24.1 (Gtk 3.22.11-0ubuntu3)
           Distro: Ubuntu Artful Aardvark (development branch)
Machine: Device: laptop System: Hewlett-Packard product: HP 250 G3 Notebook PC v: 0991100000000000000600087
           Mobo: Hewlett-Packard model: 2211 v: 86.49 UEFI: Insyde v: F.36 date: 12/18/2014
Battery BAT1: charge: 18.7 Wh 81.3% condition: 23.1/23.0 Wh (100%)
           model: 13-42 OA03031 status: Discharging
CPU: Dual core Intel Core i5-4210U (-HT-MCP-) cache: 3072 KB
           flags: (lm nx sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx) bmips: 9577
           clock speeds: max: 2700 MHz 1: 900 MHz 2: 900 MHz 3: 819 MHz 4: 809 MHz
Graphics: Card: Intel Haswell-ULT Integrated Graphics Controller bus-ID: 00:02.0
           Display Server: X.Org 1.19.3 driver: N/A Resolution: 1366x768@60.00hz
           GLX Renderer: Mesa DRI Intel Haswell Mobile
           GLX Version: 3.0 Mesa 17.0.4 Direct Rendering: Yes
Audio: Card-1 Intel 8 Series HD Audio Controller driver: snd_hda_intel bus-ID: 00:1b.0
           Card-2 Intel Haswell-ULT HD Audio Controller driver: snd_hda_intel bus-ID: 00:03.0
           Sound: Advanced Linux Sound Architecture v: k4.10.0-20-generic
Network: Card-1: Realtek RTL8101/2/6E PCI Express Fast/Gigabit Ethernet controller
           driver: r8169 v: 2.3LK-NAPI port: 3000 bus-ID: 08:00.0
           IF: enp8s0 state: up speed: 100 Mbps duplex: full mac: 5c:b9:01:06:ba:ce
           Card-2: Ralink RT3290 Wireless 802.11n 1T/1R PCIe
           driver: rt2800pci v: 2.3.0 bus-ID: 09:00.0
           IF: wlo1 state: up mac: ac:d1:b8:82:03:5d
Drives: HDD Total Size: 500.1GB (1.8% used)
           ID-1: /dev/sda model: ST500LT012 size: 500.1GB
Partition: ID-1: / size: 32G used: 4.7G (16%) fs: ext4 dev: /dev/sda7
           ID-2: swap-1 size: 4.29GB used: 0.00GB (0%) fs: swap dev: /dev/sda2
RAID: No RAID devices: /proc/mdstat, md_mod kernel module present
Sensors: System Temperatures: cpu: 42.0C mobo: 42.0C
           Fan Speeds (in rpm): cpu: N/A
Info: Processes: 255 Uptime: 3 min Memory: 1160.5/3881.4MB
           Init: systemd runlevel: 5 Gcc sys: 6.3.0 Client: Shell (bash 4.4.51) inxi: 2.3.8
corrado@corrado-HP-aGnome:~$

Revision history for this message
Jeremy Bicha (jbicha) wrote :

How did you add the launcher icon to your desktop?

Changed in nautilus (Ubuntu):
status: New → Incomplete
Revision history for this message
Doug McMahon (mc3man) wrote :

This is from the 06_never_exec_nonexec_launchers.patch & would include any .desktop anywhere in ~/

Revision history for this message
corrado venturini (corradoventu) wrote :

I copied the launcher icon from /usr/share/applications to Desktop with mouse copy - paste

Revision history for this message
Jeremy Bicha (jbicha) wrote :

corrado, this is not new to Ubuntu 17.10 or nautilus 3.24.

Right-click on the .desktop and click Properties.
Switch to the Permissions tab and make sure the Execute box is checked.

https://wiki.ubuntu.com/SecurityTeam/Policies#Execute-Permission_Bit_Required

Since this is an intended security feature in Ubuntu, I am closing this bug report.

Changed in nautilus (Ubuntu):
status: Incomplete → Invalid
Revision history for this message
Doug McMahon (mc3man) wrote :

No - the current behavior is the permissions property is ignored. Currently the user is just informed that the launcher is untrusted with no option to set as trusted. See attached

Changed in nautilus (Ubuntu):
status: Invalid → New
status: New → Confirmed
summary: - Desktop icon Untrusted application launcher
+ Local application launchers can't be set as trusted
Revision history for this message
corrado venturini (corradoventu) wrote :

This IS new on nautilus 3.24. Until yesterday on the same 17.10 installations with the ol nautilus:
Ubuntu 17.10 Unity and Ubuntu 17.10 Gnome on my desktop
Ubuntu 17.10 Unity and Ubuntu 17.10 Gnome on my laptop
I was able to launch icons from desktop.
As You may see from the screenshots attached in the bug open the execute box is checked.
In the past I received a message 'untrusted application ...' with the choices:
'cancel' and 'trust and launch' NOW I have only 'cancel'
To be clead i attach again the screensot of Properties Permission tab

Revision history for this message
Jeremy Bicha (jbicha) wrote :

Thank you for the additional information.

Revision history for this message
Jeremy Bicha (jbicha) wrote :

I will be discussing this with Ubuntu's Security Team.

I'm attaching a screenshot of what the dialog in uptream Nautilus 3.24 looks like. It is the same as Ubuntu's except that it adds a 'Trust and Launch' option.

Changed in nautilus (Ubuntu):
importance: Undecided → Medium
status: Confirmed → Triaged
Jeremy Bicha (jbicha)
Changed in nautilus (Ubuntu):
status: Triaged → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nautilus - 1:3.24.1-0ubuntu2

---------------
nautilus (1:3.24.1-0ubuntu2) artful; urgency=medium

  * Update 06_never_exec_nonexec_launchers.patch:
    - Show "Trust and Launch" for home directory application launchers
      that have been marked as executable (LP: #1687179)

 -- Jeremy Bicha <email address hidden> Sun, 30 Apr 2017 17:47:06 -0400

Changed in nautilus (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers