Bug#954013: evince: Opening external URL failed: blocked by AppArmor: Failed to execute child process /bin/sh
Simon McVittie
smcv at debian.org
Fri Mar 27 10:46:30 GMT 2020

On Sun, 15 Mar 2020 at 14:42:48 -0400, Boyuan Yang wrote:
> I am not sure why evince want to use Shell to execute external process. Anyway
> this must be a regression.

This is a regression with GLib 2.64.x. Older versions of glib2.0 use an
external helper program, /usr/libexec/gio-launch-desktop (patched to be
/usr/lib/*/glib-2.0/gio-launch-desktop in Debian), to launch .desktop
files (including URI scheme handlers) with $GIO_LAUNCHED_DESKTOP_FILE_PID
in the environment. Newer versions use /bin/sh -c to implement the helper
as a one-line shell script, using argv and "$@" to avoid shell-injection
vulnerabilities.

This can be resolved without giving evince extra privileges by adding
"/{usr/,}bin/{bash,dash} ixr", which makes the shell inherit the same
security profile as evince itself (so it can't do anything evince couldn't
already do). I'll commit that soon.
smcv
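The argv-and-"$@" pattern the message describes, as an added example that is not GLib's own code: the `-c` script here is an approximation of GLib's one-liner (not its exact source), and the .desktop handler is stood in for by `printf` so the script runs anywhere. The unsafe variant is included only to show why a URL must travel in argv rather than inside the `-c` string.

```sh
#!/bin/sh
# Added example (not GLib's code). Shows the shell-injection-safe way to
# run a handler through `sh -c`: the handler's Exec arguments are passed
# as argv to the child shell and re-expanded with "$@", so nothing in
# them is ever parsed as shell syntax. Exporting $$ mirrors the
# GIO_LAUNCHED_DESKTOP_FILE_PID variable the message mentions.

# Constructed sample URL containing a shell metacharacter (';').
EVIL_URL='http://example.com/?a=1;echo INJECTED'

# Safe launcher: everything after `sh` becomes $1, $2, ... of the child.
# Approximation of GLib's one-line script; not its exact text.
launch_handler() {
    sh -c 'export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; "$@"' sh "$@"
}

# Handler invocation: printf stands in for the .desktop Exec= program and
# echoes back exactly the argument it received, one per line.
launch_safe() {
    launch_handler printf '%s\n' "$1"
}

# Unsafe variant for contrast: interpolating the URL into the -c string
# lets the child shell interpret the ';' as a command separator, so the
# output no longer equals the input.
launch_unsafe() {
    sh -c "printf '%s\n' $1"
}

# Returns success if the child really sees the PID variable set.
launched_pid_is_set() {
    launch_handler sh -c 'test -n "$GIO_LAUNCHED_DESKTOP_FILE_PID"'
}

if [ "$(launch_safe "$EVIL_URL")" = "$EVIL_URL" ]; then
    echo "safe: URL delivered verbatim"
fi
```

The AppArmor side of the fix is the `ixr` rule quoted in the message: the child shell inherits evince's profile rather than running unconfined.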