luc14n0/glib
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/glib.git synced 2024-11-15 05:46:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'backport-1920-setgid-dbus-session-glib-2-66' into 'glib-2-66'

Browse Source 
Backport !1920 “Resolve GDBus regressions in setcap/setgid programs” to glib-2-66

See merge request GNOME/glib!1922
This commit is contained in:
Simon McVittie 2021-02-03 12:07:51 +00:00
commit 0051c06355
1 changed files with 33 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
gio/gdbusaddress.c
View File

@ -1280,7 +1280,7 @@ g_dbus_address_get_for_bus_sync (GBusType bus_type,
GCancellable *cancellable, GCancellable *cancellable,
GError **error) GError **error)
{ {
gboolean is_setuid = GLIB_PRIVATE_CALL (g_check_setuid) (); gboolean has_elevated_privileges = GLIB_PRIVATE_CALL (g_check_setuid) ();
gchar *ret, *s = NULL; gchar *ret, *s = NULL;
const gchar *starter_bus; const gchar *starter_bus;
GError *local_error; GError *local_error;
@ -1324,7 +1324,11 @@ g_dbus_address_get_for_bus_sync (GBusType bus_type,
switch (bus_type) switch (bus_type)
{ {
case G_BUS_TYPE_SYSTEM: case G_BUS_TYPE_SYSTEM:
ret = !is_setuid ? g_strdup (g_getenv ("DBUS_SYSTEM_BUS_ADDRESS")) : NULL; if (has_elevated_privileges)
ret = NULL;
else
ret = g_strdup (g_getenv ("DBUS_SYSTEM_BUS_ADDRESS"));
if (ret == NULL) if (ret == NULL)
{ {
ret = g_strdup ("unix:path=/var/run/dbus/system_bus_socket"); ret = g_strdup ("unix:path=/var/run/dbus/system_bus_socket");
@ -1332,7 +1336,33 @@ g_dbus_address_get_for_bus_sync (GBusType bus_type,
break; break;
case G_BUS_TYPE_SESSION: case G_BUS_TYPE_SESSION:
ret = !is_setuid ? g_strdup (g_getenv ("DBUS_SESSION_BUS_ADDRESS")) : NULL; if (has_elevated_privileges)
{
#ifdef G_OS_UNIX
if (geteuid () == getuid ())
{
/* Ideally we shouldn't do this, because setgid and
* filesystem capabilities are also elevated privileges
* with which we should not be trusting environment variables
* from the caller. Unfortunately, there are programs with
* elevated privileges that rely on the session bus being
* available. We already prevent the really dangerous
* transports like autolaunch: and unixexec: when our
* privileges are elevated, so this can only make us connect
* to the wrong AF_UNIX or TCP socket. */
ret = g_strdup (g_getenv ("DBUS_SESSION_BUS_ADDRESS"));
}
else
#endif
{
ret = NULL;
}
}
else
{
ret = g_strdup (g_getenv ("DBUS_SESSION_BUS_ADDRESS"));
}
if (ret == NULL) if (ret == NULL)
{ {
ret = get_session_address_platform_specific (&local_error); ret = get_session_address_platform_specific (&local_error);