mirror of
https://gitlab.gnome.org/GNOME/glib.git
synced 2024-12-24 22:46:15 +01:00
gsettingsschema: Ignore GSETTINGS_SCHEMA_DIR when running setuid
As with previous commits, this could have been used to load private data for an unprivileged caller. Signed-off-by: Philip Withnall <pwithnall@endlessos.org> Helps: #2168
This commit is contained in:
parent
55233b6e14
commit
20387ee6b1
@ -18,6 +18,7 @@
|
||||
|
||||
#include "config.h"
|
||||
|
||||
#include "glib-private.h"
|
||||
#include "gsettingsschema-internal.h"
|
||||
#include "gsettings.h"
|
||||
|
||||
@ -343,6 +344,7 @@ initialise_schema_sources (void)
|
||||
*/
|
||||
if G_UNLIKELY (g_once_init_enter (&initialised))
|
||||
{
|
||||
gboolean is_setuid = GLIB_PRIVATE_CALL (g_check_setuid) ();
|
||||
const gchar * const *dirs;
|
||||
const gchar *path;
|
||||
gchar **extra_schema_dirs;
|
||||
@ -357,7 +359,9 @@ initialise_schema_sources (void)
|
||||
|
||||
try_prepend_data_dir (g_get_user_data_dir ());
|
||||
|
||||
if ((path = g_getenv ("GSETTINGS_SCHEMA_DIR")) != NULL)
|
||||
/* Disallow loading extra schemas if running as setuid, as that could
|
||||
* allow reading privileged files. */
|
||||
if (!is_setuid && (path = g_getenv ("GSETTINGS_SCHEMA_DIR")) != NULL)
|
||||
{
|
||||
extra_schema_dirs = g_strsplit (path, G_SEARCHPATH_SEPARATOR_S, 0);
|
||||
for (i = 0; extra_schema_dirs[i]; i++);
|
||||
|
Loading…
Reference in New Issue
Block a user