gsettingsschema: Ignore GSETTINGS_SCHEMA_DIR when running setuid

As with previous commits, this could have been used to load private data
for an unprivileged caller.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #2168
This commit is contained in:
Philip Withnall 2020-12-04 23:42:15 +00:00
parent e2b5094cdb
commit 793f824a2e


@ -18,6 +18,7 @@
#include "config.h" #include "config.h"
#include "glib-private.h"
#include "gsettingsschema-internal.h" #include "gsettingsschema-internal.h"
#include "gsettings.h" #include "gsettings.h"
@ -343,6 +344,7 @@ initialise_schema_sources (void)
*/ */
if G_UNLIKELY (g_once_init_enter (&initialised)) if G_UNLIKELY (g_once_init_enter (&initialised))
{ {
gboolean is_setuid = GLIB_PRIVATE_CALL (g_check_setuid) ();
const gchar * const *dirs; const gchar * const *dirs;
const gchar *path; const gchar *path;
gchar **extra_schema_dirs; gchar **extra_schema_dirs;
@ -357,7 +359,9 @@ initialise_schema_sources (void)
try_prepend_data_dir (g_get_user_data_dir ()); try_prepend_data_dir (g_get_user_data_dir ());
if ((path = g_getenv ("GSETTINGS_SCHEMA_DIR")) != NULL) /* Disallow loading extra schemas if running as setuid, as that could
* allow reading privileged files. */
if (!is_setuid && (path = g_getenv ("GSETTINGS_SCHEMA_DIR")) != NULL)
{ {
extra_schema_dirs = g_strsplit (path, G_SEARCHPATH_SEPARATOR_S, 0); extra_schema_dirs = g_strsplit (path, G_SEARCHPATH_SEPARATOR_S, 0);
for (i = 0; extra_schema_dirs[i]; i++); for (i = 0; extra_schema_dirs[i]; i++);