luc14n0/glib
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/glib.git synced 2025-04-21 22:59:16 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'gdbus-server-no-abstract-tmpdir' into 'main'

Browse Source 
Fix sandbox escape in GDBusServer

See merge request GNOME/glib!3005
This commit is contained in:
Marco Trevisan 2022-10-21 16:09:12 +00:00
commit d83c87c1f6
5 changed files with 11 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
gio/gdbusdaemon.c
View File

@ -1618,13 +1618,8 @@ initable_init (GInitable *initable,
if (daemon->address == NULL) if (daemon->address == NULL)
{ {
#ifdef G_OS_UNIX #ifdef G_OS_UNIX
if (g_unix_socket_address_abstract_names_supported ()) daemon->tmpdir = g_dir_make_tmp ("gdbus-daemon-XXXXXX", NULL);
daemon->address = g_strdup ("unix:tmpdir=/tmp/gdbus-daemon"); daemon->address = g_strdup_printf ("unix:tmpdir=%s", daemon->tmpdir);
else
{
daemon->tmpdir = g_dir_make_tmp ("gdbus-daemon-XXXXXX", NULL);
daemon->address = g_strdup_printf ("unix:tmpdir=%s", daemon->tmpdir);
}
flags |= G_DBUS_SERVER_FLAGS_AUTHENTICATION_REQUIRE_SAME_USER; flags |= G_DBUS_SERVER_FLAGS_AUTHENTICATION_REQUIRE_SAME_USER;
#else #else
/* Dont require authentication on Windows as that hasnt been /* Dont require authentication on Windows as that hasnt been

9
gio/gdbusserver.c
View File

@ -725,14 +725,7 @@ try_unix (GDBusServer *server,
for (n = 0; n < 8; n++) for (n = 0; n < 8; n++)
g_string_append_c (s, random_ascii ()); g_string_append_c (s, random_ascii ());
/* prefer abstract namespace if available for tmpdir: addresses address = g_unix_socket_address_new (s->str);
* abstract namespace is disallowed for dir: addresses */
if (tmpdir != NULL && g_unix_socket_address_abstract_names_supported ())
address = g_unix_socket_address_new_with_type (s->str,
-1,
G_UNIX_SOCKET_ADDRESS_ABSTRACT);
else
address = g_unix_socket_address_new (s->str);
g_string_free (s, TRUE); g_string_free (s, TRUE);
local_error = NULL; local_error = NULL;

15
gio/tests/gdbus-auth.c
View File

@ -63,17 +63,10 @@ server_new_for_mechanism (const gchar *allowed_mechanism)
guid = g_dbus_generate_guid (); guid = g_dbus_generate_guid ();
#ifdef G_OS_UNIX #ifdef G_OS_UNIX
if (g_unix_socket_address_abstract_names_supported ()) gchar *tmpdir;
{ tmpdir = g_dir_make_tmp ("gdbus-test-XXXXXX", NULL);
addr = g_strdup ("unix:tmpdir=/tmp/gdbus-test-"); addr = g_strdup_printf ("unix:tmpdir=%s", tmpdir);
} g_free (tmpdir);
else
{
gchar *tmpdir;
tmpdir = g_dir_make_tmp ("gdbus-test-XXXXXX", NULL);
addr = g_strdup_printf ("unix:tmpdir=%s", tmpdir);
g_free (tmpdir);
}
#else #else
addr = g_strdup ("nonce-tcp:"); addr = g_strdup ("nonce-tcp:");
#endif #endif

9
gio/tests/gdbus-overflow.c
View File

@ -219,13 +219,8 @@ main (int argc,
if (is_unix) if (is_unix)
{ {
if (g_unix_socket_address_abstract_names_supported ()) tmpdir = g_dir_make_tmp ("gdbus-test-XXXXXX", NULL);
tmp_address = g_strdup ("unix:tmpdir=/tmp/gdbus-test-"); tmp_address = g_strdup_printf ("unix:tmpdir=%s", tmpdir);
else
{
tmpdir = g_dir_make_tmp ("gdbus-test-XXXXXX", NULL);
tmp_address = g_strdup_printf ("unix:tmpdir=%s", tmpdir);
}
} }
else else
tmp_address = g_strdup ("nonce-tcp:"); tmp_address = g_strdup ("nonce-tcp:");

9
gio/tests/gmenumodel.c
View File

@ -831,13 +831,8 @@ service_thread_func (gpointer user_data)
flags = G_DBUS_SERVER_FLAGS_NONE; flags = G_DBUS_SERVER_FLAGS_NONE;
#ifdef G_OS_UNIX #ifdef G_OS_UNIX
if (g_unix_socket_address_abstract_names_supported ()) tmpdir = g_dir_make_tmp ("test-dbus-peer-XXXXXX", NULL);
address = g_strdup ("unix:tmpdir=/tmp/test-dbus-peer"); address = g_strdup_printf ("unix:tmpdir=%s", tmpdir);
else
{
tmpdir = g_dir_make_tmp ("test-dbus-peer-XXXXXX", NULL);
address = g_strdup_printf ("unix:tmpdir=%s", tmpdir);
}
#else #else
address = g_strdup ("nonce-tcp:"); address = g_strdup ("nonce-tcp:");
flags |= G_DBUS_SERVER_FLAGS_AUTHENTICATION_ALLOW_ANONYMOUS; flags |= G_DBUS_SERVER_FLAGS_AUTHENTICATION_ALLOW_ANONYMOUS;