gdesktopappinfo: Don't trust $GIO_LAUNCH_DESKTOP if setuid

gio-launch-desktop was removed before checking GIO for potentially
unsafe environment variable references, so reverting its removal brought
this one back. If a setuid program is using GAppInfo then something is
probably already horribly wrong, but let's be careful anyway.

Signed-off-by: Simon McVittie <smcv@collabora.com>
This commit is contained in:
Simon McVittie 2022-07-14 16:43:57 +01:00 committed by Philip Withnall
parent e4e21f20e2
commit 8157668eac

View File

@ -51,6 +51,7 @@
#include "gfileicon.h"
#include <glib/gstdio.h>
#include "glibintl.h"
#include "glib-private.h"
#include "giomodule-priv.h"
#include "gappinfo.h"
#include "gappinfoprivate.h"
@ -2918,10 +2919,12 @@ g_desktop_app_info_launch_uris_with_spawn (GDesktopAppInfo *info,
if (g_once_init_enter (&gio_launch_desktop_path))
{
const gchar *tmp;
const gchar *tmp = NULL;
gboolean is_setuid = GLIB_PRIVATE_CALL (g_check_setuid) ();
/* Allow test suite to specify path to gio-launch-desktop */
tmp = g_getenv ("GIO_LAUNCH_DESKTOP");
if (!is_setuid)
tmp = g_getenv ("GIO_LAUNCH_DESKTOP");
/* Fall back on usual searching in $PATH */
if (tmp == NULL)