Wrong handling of desktop entries with space in name

[parulin]

Qubes OS release

Qubes OS 4.2

Brief summary

In a qube, a user creates a desktop entry with a space inside the name, like xfce terminal.desktop. The desktop entry is available in the settings of the qube but the resulting desktop entry in dom0 is truncated and thus, failing.

Moreover, trying to run /etc/qubes-rpc/StartApp with the name result in unclear error messages.

Steps to reproduce

1. In a qube (let's call it test-desktop-space), create a basic desktop entry, called $HOME/.local/share/applications/xfce terminal.desktop with this content:

   [Desktop Entry]
   Name=A TEST WITH SPACE
   Exec=xfce4-terminal
   Type=Application
   

2. In dom0, try to get available entries:

   # in dom0
   qvm-sync-appmenus test-desktop-space
   qvm-appmenus --get-available --i-understand-format-is-unstable test-desktop-space | grep SPACE
   terminal.desktop - A TEST WITH SPACE
   

   Notice the wrong name. Now set the whitelist, to check the desktop entry created in dom0

   # in dom0
   qvm-appmenus --get-available --i-understand-format-is-unstable test-desktop-space | grep SPACE | qvm-appmenus --set-whitelist - test-desktop-space
   cat ~/.local/share/applications/org.qubes-os.vm._test_ddesktop_dspace.terminal.desktop
   

3. In the qube, try to manually use /etc/qubes-rpc/qubes.StartApp:

   # in test-desktop-space qube
   /etc/qubes-rpc/qubes.StartApp xfce terminal
   This service requires an argument
   

   Now, while using quotes, the python script ends with a traceback error:

   # in test-desktop-space qube
   /etc/qubes-rpc/qubes.StartApp "xfce terminal"
   Traceback (most recent call last):
     File "/etc/qubes-rpc/qubes.StartApp", line 39, in <module>
       main(sys.argv)
     File "/etc/qubes-rpc/qubes.StartApp", line 15, in main
       if qubes_db.read('/qubes-service/app-dispvm.' + arg) is not None:
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   qubesdb.Error: (71, 'Protocol error')
   

Expected behavior

The desktop entry spec doesn't allow spaces in desktop entry names, so it seems reasonable to fail. Nothing should be visible while trying to update the appmenu.

qubes.StartApp should output only error messages with clear reasons.

Actual behavior

Nothing in dom0, obscure errors in the qube.

Additional information

Changing line 13 of qubes.StartApp by this seems enough as for a non-quoted argument

        print('This service requires one unique argument', file=sys.stderr)

It's possible to add a basic check on line 17, like this:

    if " " in arg:
        print('This service requires an argument without spaces', file=sys.stderr)
        sys.exit(1)

But maybe it's better to handle this inside qubesdb?

In /etc/qubes-rpc/qubes.GetAppmenus, replacing the find command by this could help:

find . -regex '.*/[-_.A-Za-z0-9]+\.desktop'

But still, the correct handling should happen in dom0. I tried to change the line 169 in /usr/lib/python3.11/site-packages/qubesappmenus/receive.py, in order to use re.match instead of re.search but this may be very inefficient or naive?

        untrusted_m = line_rx.match(untrusted_line.split('/')[-1])

[KitsuneNoBaka]

Latelly this issue came up with Proton Authenticator.desktop - qubes routine recognised it as Authenticator.desktop and added entry to menu to run Authenticator which is not available.
As short term solution I advised user to change name of /usr/share/applicactions/Proton Authenticator.desktop to /usr/share/applications/Authenticator.desktop in template but it will make problems during app update or removal.

[parulin]

Fixed by QubesOS/qubes-core-admin@2ee3cea?

[andrewdavidwong]

Fixed by 2ee3cea?

Can you provide a link?

[parulin]

I edited my previous comment.

I can't reproduce this on an up-to-date R4.2.

[marmarek]

Technically, the fix part is QubesOS/qubes-core-agent-linux#602, but yes, the same change.