libgirepository: Refuse to run in setuid applications

We know of at least one privilege escalation path via
`GI_TYPELIB_PATH`.  I don't want to audit for others.  If someone
shows up with a use case we can talk.

https://bugzilla.gnome.org/show_bug.cgi?id=755472
Colin Walters 2015-09-23 14:07:21 -04:00
parent 3fa183524e
commit 02c64c25d2


@ -27,6 +27,10 @@
#include <string.h> #include <string.h>
#include <stdlib.h> #include <stdlib.h>
#ifdef HAVE_GETAUXVAL
#include <sys/auxv.h>
#endif
#include <glib.h> #include <glib.h>
#include <glib/gprintf.h> #include <glib/gprintf.h>
#include <gmodule.h> #include <gmodule.h>
@ -147,6 +151,14 @@ init_globals (void)
if (!g_once_init_enter (&initialized)) if (!g_once_init_enter (&initialized))
return; return;
#ifdef HAVE_GETAUXVAL
if (getauxval (AT_SECURE))
{
g_printerr ("error: libgirepository.so (gobject-introspection) is not audited for use in setuid applications\nSee https://bugzilla.gnome.org/show_bug.cgi?id=755472\n");
_exit (1);
}
#endif
if (default_repository == NULL) if (default_repository == NULL)
default_repository = g_object_new (G_TYPE_IREPOSITORY, NULL); default_repository = g_object_new (G_TYPE_IREPOSITORY, NULL);
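Review bot: The privilege check added to init_globals is compiled only when HAVE_GETAUXVAL is defined, so a build without getauxval (or one where the configure test, not visible on this page, never defines the macro) fails open and keeps the old behaviour, presumably including the `GI_TYPELIB_PATH` lookup named in the commit message. A fallback branch would close that gap: `#else` followed by `if (getuid () != geteuid () || getgid () != getegid ())`, sharing the existing `g_printerr`/`_exit (1)` block. It is weaker than AT_SECURE because it does not see file capabilities, but it does not silently skip the check. The message says "setuid applications", while AT_SECURE is also set for setgid and file-capability executables, so a comment such as `/* AT_SECURE covers setuid, setgid and file capabilities */` above the check would help whoever hits this exit. init_globals starts and ends outside the hunk, and the `<unistd.h>` include needed by `_exit` and the ID calls is not visible here.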