On Tue, 02 Jun 2020 at 17:07:18 +0100, Laurence Tratt wrote:
> At some point recently our mozilla-firefox port stopped automatically opening
> downloaded files for me. pkg/README says:
>
> Due to unveil(2) limiting filesystem access, only the default MIME
> handler registered for a given type can be chosen when opening a
> downloaded file. For example, to use the mupdf package to read
> PDFs, it must be registered as the default with XDG:
>
> $ xdg-mime default mupdf.desktop application/pdf
>
> And, indeed, I have had that set for some while and it used to work fine.
> However, when I click on a PDF link in Firefox, it now brings up the
> (not-very-useful because of unveil!) "launch application" window.
>
> I'm sure I'm missing out on something obvious, but I'm not sure what it might
> be (and I know someone else who's equally baffled). In case it's relevant,
> I'm using XFCE (so DBUS is running) on -current as of a couple of days ago,
> with the firefox-76.0p0 package on amd64. If anyone has any pointers, I know
> at least two of us who will welcome them!

Firefox tries to execute xdg-open to parse the MIME stuff and run
the appropriate handler for application/pdf.

https://github.com/mozilla/gecko-dev/blob/c686b5d5614da653c20c689cea96a80ae598a1a1/toolkit/system/gnome/nsGIOService.cpp#L504-L514

Up until Glib 2.64.2, this was done by executing gio-launch-desktop
with xdg-open as an argument. This worked out for us because
xdg-open is a shell script and gio-launch-desktop was a binary, so
we could just unveil /usr/local/bin/gio-launch-desktop in Firefox's
unveil.main.

This changed as of updating our Glib port to 2.64.2 a few weeks ago,
and now Glib no longer ships with gio-launch-desktop, trying to run
xdg-open via /bin/sh directly:

https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1362/diffs

I'm not sure how best to handle this going forward, but unveiling
/bin/sh is not a good idea.

Perhaps we include a small compiled utility with Firefox that just
hard-codes execve("/usr/local/bin/xdg-open", ...) and then unveil
that binary instead of gio-launch-desktop? Firefox would still need
modifying to exec that utility directly instead of using Glib's
g_app_info_create_from_commandline.

FWIW, the old .mailcap style handling still works, where you list
each binary specifically in ~/.mailcap and add it to your own
unveil.main.
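
The compiled-helper idea floated in the reply above, sketched as an added example; it is not code from the original message, from Firefox or from the OpenBSD port. The function name build_launch_argv and the rule that refuses empty or option-like arguments are assumptions made for the illustration; only the xdg-open path comes from the message.

```c
/* Added example: fixed-target launcher. Names are hypothetical. */
#include <stdio.h>
#include <unistd.h>

extern char **environ;

/* The only program this helper will ever execute (path from the message). */
static char xdg_open_path[] = "/usr/local/bin/xdg-open";

/*
 * Build the argument vector for the fixed target. The caller controls only
 * the single file or URL to open, never the program that gets executed.
 * Returns 0 on success, -1 if the request is rejected.
 */
int
build_launch_argv(int argc, char *const argv[], char *out[3])
{
	if (argc != 2 || argv[1] == NULL)
		return -1;	/* exactly one target, nothing else */
	if (argv[1][0] == '\0' || argv[1][0] == '-')
		return -1;	/* assumption: refuse empty or option-like input */
	out[0] = xdg_open_path;
	out[1] = argv[1];
	out[2] = NULL;
	return 0;
}

int
main(int argc, char *argv[])
{
	char *args[3];

	if (build_launch_argv(argc, argv, args) == -1) {
		fprintf(stderr, "usage: launcher file-or-url\n");
		return 2;
	}
	/* Hard-coded path: the sandboxed caller cannot redirect the exec. */
	execve(xdg_open_path, args, environ);
	perror("execve");	/* reached only if execve failed */
	return 127;
}
```

With a helper of this shape, the browser's unveil list would name the helper binary rather than /bin/sh, and the helper can start nothing but xdg-open.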