mirror of
https://gitlab.gnome.org/GNOME/glib.git
synced 2024-12-25 15:06:14 +01:00
gsettingsschema: Ignore GSETTINGS_SCHEMA_DIR when running setuid
As with previous commits, this could have been used to load private data for an unprivileged caller. Signed-off-by: Philip Withnall <pwithnall@endlessos.org> Helps: #2168
This commit is contained in:
parent
55233b6e14
commit
20387ee6b1
@ -18,6 +18,7 @@
|
|||||||
|
|
||||||
#include "config.h"
|
#include "config.h"
|
||||||
|
|
||||||
|
#include "glib-private.h"
|
||||||
#include "gsettingsschema-internal.h"
|
#include "gsettingsschema-internal.h"
|
||||||
#include "gsettings.h"
|
#include "gsettings.h"
|
||||||
|
|
||||||
@ -343,6 +344,7 @@ initialise_schema_sources (void)
|
|||||||
*/
|
*/
|
||||||
if G_UNLIKELY (g_once_init_enter (&initialised))
|
if G_UNLIKELY (g_once_init_enter (&initialised))
|
||||||
{
|
{
|
||||||
|
gboolean is_setuid = GLIB_PRIVATE_CALL (g_check_setuid) ();
|
||||||
const gchar * const *dirs;
|
const gchar * const *dirs;
|
||||||
const gchar *path;
|
const gchar *path;
|
||||||
gchar **extra_schema_dirs;
|
gchar **extra_schema_dirs;
|
||||||
@ -357,7 +359,9 @@ initialise_schema_sources (void)
|
|||||||
|
|
||||||
try_prepend_data_dir (g_get_user_data_dir ());
|
try_prepend_data_dir (g_get_user_data_dir ());
|
||||||
|
|
||||||
if ((path = g_getenv ("GSETTINGS_SCHEMA_DIR")) != NULL)
|
/* Disallow loading extra schemas if running as setuid, as that could
|
||||||
|
* allow reading privileged files. */
|
||||||
|
if (!is_setuid && (path = g_getenv ("GSETTINGS_SCHEMA_DIR")) != NULL)
|
||||||
{
|
{
|
||||||
extra_schema_dirs = g_strsplit (path, G_SEARCHPATH_SEPARATOR_S, 0);
|
extra_schema_dirs = g_strsplit (path, G_SEARCHPATH_SEPARATOR_S, 0);
|
||||||
for (i = 0; extra_schema_dirs[i]; i++);
|
for (i = 0; extra_schema_dirs[i]; i++);
|
||||||
|
Loading…
Reference in New Issue
Block a user