[xiphos-source] [crosswire/xiphos] fd0375: fix: restrict D-Bus setCurrentReference to navigat...

Devon Kirk noreply at github.com
Fri Jun 19 06:57:19 EDT 2026


  Branch: refs/heads/master
  Home:   https://github.com/crosswire/xiphos
  Commit: fd0375c78e93840326948dea010fd67ea5082254
      https://github.com/crosswire/xiphos/commit/fd0375c78e93840326948dea010fd67ea5082254
  Author: Devon Kirk <67167176+hyder365 at users.noreply.github.com>
  Date:   2026-06-19 (Fri, 19 Jun 2026)

  Changed paths:
    M src/gtk/ipc.c

  Log Message:
  -----------
  fix: restrict D-Bus setCurrentReference to navigation references only (#1331)

The org.xiphos.remote D-Bus service is registered on the session bus with
G_BUS_NAME_OWNER_FLAGS_NONE, so any peer on the user's session bus can call
setCurrentReference().  The handler passed the untrusted reference straight
to main_url_handler() with clicked=TRUE, which not only navigates but also
honours actions that reach the local filesystem or spawn external programs:

  - "showStudypad" loads an arbitrary file into the StudyPad editor;
  - "showImage" hands a path to an external viewer (xdg-open, etc.);
  - any URL matching none of the known schemes falls through to
    xiphos_open_default(), which opens an arbitrary URI/file in its default
    handler.

A D-Bus policy file cannot meaningfully fix this: the session bus is
per-user, so all peers share the caller's UID and a default-deny policy
would simply disable the remote-control feature for everyone.  Instead,
validate the reference at the IPC boundary and accept only navigation
references (sword://, bible://, passagestudy.jsp, xiphos.url) while
rejecting the local-file actions and the open-anything fall-through.
clicked=TRUE is preserved so legitimate navigation still works.

This supersedes the earlier, non-functional approach of shipping an
org.xiphos.remote.conf whose "mandatory" allow rule overrode its "default"
deny (and which was never installed by the build).

Co-authored-by: Devon Kirk <hyder365 at users.noreply.github.com>
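The allow-list described in the commit message, written out as an added example in C. This is not the patched src/gtk/ipc.c and does not use Xiphos or GLib APIs; the function names (ipc_reference_is_navigation, ipc_handle_set_current_reference), the exact prefix strings, and the assumption that passagestudy.jsp carries its action as an action= query parameter are this example's own. It shows the check a practitioner would want at the IPC boundary: match only the navigation schemes, and additionally refuse a passagestudy.jsp reference whose action is one of the local-file actions, so that neither the open-anything fall-through nor showStudypad/showImage can be reached from the session bus.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical allow-list of navigation prefixes (assumption: the real
 * handler may match these differently). */
static const char *const nav_prefixes[] = {
    "sword://",
    "bible://",
    "passagestudy.jsp",
    "xiphos.url",
    NULL
};

/* Actions that touch the local filesystem or spawn a viewer; never
 * accepted from an untrusted peer even inside an allowed scheme. */
static const char *const denied_actions[] = {
    "showStudypad",
    "showImage",
    NULL
};

static bool has_prefix(const char *s, const char *prefix)
{
    return strncmp(s, prefix, strlen(prefix)) == 0;
}

/* Walk the "?k=v&k=v" query (assumed format) and report whether any
 * action= value is on the deny list. Comparison is exact-case. */
static bool query_action_denied(const char *ref)
{
    const char *p = strchr(ref, '?');
    if (p == NULL)
        return false;
    p++;
    while (*p != '\0') {
        if (has_prefix(p, "action=")) {
            const char *v = p + strlen("action=");
            size_t n = strcspn(v, "&");
            for (size_t i = 0; denied_actions[i] != NULL; i++)
                if (strlen(denied_actions[i]) == n &&
                    strncmp(v, denied_actions[i], n) == 0)
                    return true;
        }
        p += strcspn(p, "&");
        if (*p == '&')
            p++;
    }
    return false;
}

/* True only for a navigation reference: NULL, empty strings, bare file
 * paths, file:// or http:// URIs, and "showStudypad:..." style actions
 * all fall through to false. */
bool ipc_reference_is_navigation(const char *ref)
{
    if (ref == NULL || *ref == '\0')
        return false;
    if (query_action_denied(ref))
        return false;
    for (size_t i = 0; nav_prefixes[i] != NULL; i++)
        if (has_prefix(ref, nav_prefixes[i]))
            return true;
    return false;
}

/* Stand-in for the D-Bus method handler: returns 1 when the reference
 * would be forwarded to the navigation code, 0 when it is dropped. */
int ipc_handle_set_current_reference(const char *ref)
{
    if (!ipc_reference_is_navigation(ref)) {
        fprintf(stderr, "setCurrentReference: rejected %s\n",
                ref != NULL ? ref : "(null)");
        return 0;
    }
    printf("navigate: %s\n", ref);
    return 1;
}

/* Constructed sample calls, as a hostile peer on the session bus might
 * send them; returns how many were accepted. */
int run_samples(void)
{
    static const char *const samples[] = {
        "sword://KJV/John 3:16",
        "bible://KJV/Gen 1:1",
        "passagestudy.jsp?action=showModInfo&value=KJV",
        "xiphos.url?value=Rom+8:28",
        "passagestudy.jsp?action=showStudypad&value=/home/user/.bashrc",
        "passagestudy.jsp?value=/tmp/x.png&action=showImage",
        "showImage:/tmp/payload.svg",
        "file:///etc/passwd",
        "/tmp/evil.sh",
        "",
    };
    int accepted = 0;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        accepted += ipc_handle_set_current_reference(samples[i]);
    return accepted;
}

int main(void)
{
    return run_samples() == 4 ? 0 : 1;
}
```

The deny-list on action= is belt and braces: it only matters if the navigation code honours local-file actions behind an otherwise allowed prefix, which the commit message leaves open. Prefix matching alone would not stop that case, so the example checks both.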




