luc14n0/glib
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/glib.git synced 2024-11-10 11:26:16 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'gdbus-server-no-abstract-tmpdir' into 'main'

Browse Source 
Fix sandbox escape in GDBusServer

See merge request GNOME/glib!3005
This commit is contained in:
Marco Trevisan 2022-10-21 16:09:12 +00:00
commit d83c87c1f6
5 changed files with 11 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
gio/gdbusdaemon.c
View File

@ -1618,13 +1618,8 @@ initable_init (GInitable *initable,
if (daemon->address == NULL)
{
#ifdef G_OS_UNIX
if (g_unix_socket_address_abstract_names_supported ())
daemon->address = g_strdup ("unix:tmpdir=/tmp/gdbus-daemon");
else
{
daemon->tmpdir = g_dir_make_tmp ("gdbus-daemon-XXXXXX", NULL);
daemon->address = g_strdup_printf ("unix:tmpdir=%s", daemon->tmpdir);
}
daemon->tmpdir = g_dir_make_tmp ("gdbus-daemon-XXXXXX", NULL);
daemon->address = g_strdup_printf ("unix:tmpdir=%s", daemon->tmpdir);
flags |= G_DBUS_SERVER_FLAGS_AUTHENTICATION_REQUIRE_SAME_USER;
#else
/* Dont require authentication on Windows as that hasnt been

9
gio/gdbusserver.c
View File

@ -725,14 +725,7 @@ try_unix (GDBusServer *server,
for (n = 0; n < 8; n++)
g_string_append_c (s, random_ascii ());
/* prefer abstract namespace if available for tmpdir: addresses
* abstract namespace is disallowed for dir: addresses */
if (tmpdir != NULL && g_unix_socket_address_abstract_names_supported ())
address = g_unix_socket_address_new_with_type (s->str,
-1,
G_UNIX_SOCKET_ADDRESS_ABSTRACT);
else
address = g_unix_socket_address_new (s->str);
address = g_unix_socket_address_new (s->str);
g_string_free (s, TRUE);
local_error = NULL;

15
gio/tests/gdbus-auth.c
View File

@ -63,17 +63,10 @@ server_new_for_mechanism (const gchar *allowed_mechanism)
guid = g_dbus_generate_guid ();
#ifdef G_OS_UNIX
if (g_unix_socket_address_abstract_names_supported ())
{
addr = g_strdup ("unix:tmpdir=/tmp/gdbus-test-");
}
else
{
gchar *tmpdir;
tmpdir = g_dir_make_tmp ("gdbus-test-XXXXXX", NULL);
addr = g_strdup_printf ("unix:tmpdir=%s", tmpdir);
g_free (tmpdir);
}
gchar *tmpdir;
tmpdir = g_dir_make_tmp ("gdbus-test-XXXXXX", NULL);
addr = g_strdup_printf ("unix:tmpdir=%s", tmpdir);
g_free (tmpdir);
#else
addr = g_strdup ("nonce-tcp:");
#endif

9
gio/tests/gdbus-overflow.c
View File

@ -219,13 +219,8 @@ main (int argc,
if (is_unix)
{
if (g_unix_socket_address_abstract_names_supported ())
tmp_address = g_strdup ("unix:tmpdir=/tmp/gdbus-test-");
else
{
tmpdir = g_dir_make_tmp ("gdbus-test-XXXXXX", NULL);
tmp_address = g_strdup_printf ("unix:tmpdir=%s", tmpdir);
}
tmpdir = g_dir_make_tmp ("gdbus-test-XXXXXX", NULL);
tmp_address = g_strdup_printf ("unix:tmpdir=%s", tmpdir);
}
else
tmp_address = g_strdup ("nonce-tcp:");

9
gio/tests/gmenumodel.c
View File

@ -831,13 +831,8 @@ service_thread_func (gpointer user_data)
flags = G_DBUS_SERVER_FLAGS_NONE;
#ifdef G_OS_UNIX
if (g_unix_socket_address_abstract_names_supported ())
address = g_strdup ("unix:tmpdir=/tmp/test-dbus-peer");
else
{
tmpdir = g_dir_make_tmp ("test-dbus-peer-XXXXXX", NULL);
address = g_strdup_printf ("unix:tmpdir=%s", tmpdir);
}
tmpdir = g_dir_make_tmp ("test-dbus-peer-XXXXXX", NULL);
address = g_strdup_printf ("unix:tmpdir=%s", tmpdir);
#else
address = g_strdup ("nonce-tcp:");
flags |= G_DBUS_SERVER_FLAGS_AUTHENTICATION_ALLOW_ANONYMOUS;