Merge branch '2316-dbus-session-hardening-again' into 'main'

Revert "gdbus: Use DBUS_SESSION_BUS_ADDRESS if AT_SECURE but not setuid" Closes #2316 See merge request GNOME/glib!2212
2025-03-29 11:00:02 +01:00 · 2021-08-19 09:37:26 +00:00 · 2021-08-19 09:37:26 +00:00 · e31aa76045
commit e31aa76045
parent 4961c1c3b5 0f9c7ed021
1 changed files with 2 additions and 24 deletions
--- a/gio/gdbusaddress.c
+++ b/gio/gdbusaddress.c
@ -1343,31 +1343,9 @@ g_dbus_address_get_for_bus_sync (GBusType       bus_type,

    case G_BUS_TYPE_SESSION:
      if (has_elevated_privileges)
-        {
-#ifdef G_OS_UNIX
-          if (geteuid () == getuid ())
-            {
-              /* Ideally we shouldn't do this, because setgid and
-               * filesystem capabilities are also elevated privileges
-               * with which we should not be trusting environment variables
-               * from the caller. Unfortunately, there are programs with
-               * elevated privileges that rely on the session bus being
-               * available. We already prevent the really dangerous
-               * transports like autolaunch: and unixexec: when our
-               * privileges are elevated, so this can only make us connect
-               * to the wrong AF_UNIX or TCP socket. */
-              ret = g_strdup (g_getenv ("DBUS_SESSION_BUS_ADDRESS"));
-            }
-          else
-#endif
-            {
-              ret = NULL;
-            }
-        }
+        ret = NULL;
      else
-        {
-          ret = g_strdup (g_getenv ("DBUS_SESSION_BUS_ADDRESS"));
-        }
+        ret = g_strdup (g_getenv ("DBUS_SESSION_BUS_ADDRESS"));

      if (ret == NULL)
        {