luc14n0/glib
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/glib.git synced 2025-02-03 09:46:17 +01:00
Code Issues Packages Projects Releases Wiki Activity

gportalsupport: Force use /usr/bin/snapctl to get snap connection status

Browse Source 
Do not search in path for snapctl to avoid it to be potentially
overridden by changing the PATH env variable.

Still allow testing by using an ifdef to check if we're building for the
test files or not.
This commit is contained in:
Marco Trevisan (Treviño) 2022-11-24 05:54:07 +01:00
parent 94ebd9f041
commit e6eebfd9c3
2 changed files with 13 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
gio/gportalsupport.c
View File

@ -29,21 +29,29 @@ static gboolean use_portal;
static gboolean network_available; static gboolean network_available;
static gboolean dconf_access; static gboolean dconf_access;
#ifdef G_PORTAL_SUPPORT_TEST
static const char *snapctl = "snapctl";
#else
static const char *snapctl = "/usr/bin/snapctl";
#endif
static gboolean static gboolean
snap_plug_is_connected (const gchar *plug_name) snap_plug_is_connected (const gchar *plug_name)
{ {
const gchar *argv[] = { "snapctl", "is-connected", plug_name, NULL };
gint wait_status; gint wait_status;
const gchar *argv[] = { snapctl, "is-connected", plug_name, NULL };
/* Bail out if our process is privileged - we don't want to pass those /* Bail out if our process is privileged - we don't want to pass those
* privileges to snapctl. It could be overridden using PATH and this would * privileges to snapctl. It could be overridden and this would
* allow arbitrary code execution. * allow arbitrary code execution.
*/ */
if (GLIB_PRIVATE_CALL (g_check_setuid) ()) if (GLIB_PRIVATE_CALL (g_check_setuid) ())
return FALSE; return FALSE;
if (!g_spawn_sync (NULL, (gchar **) argv, NULL, if (!g_spawn_sync (NULL, (gchar **) argv, NULL,
#ifdef G_PORTAL_SUPPORT_TEST
G_SPAWN_SEARCH_PATH | G_SPAWN_SEARCH_PATH |
#endif
G_SPAWN_STDOUT_TO_DEV_NULL | G_SPAWN_STDOUT_TO_DEV_NULL |
G_SPAWN_STDERR_TO_DEV_NULL, G_SPAWN_STDERR_TO_DEV_NULL,
NULL, NULL, NULL, NULL, &wait_status, NULL, NULL, NULL, NULL, &wait_status,

3
gio/tests/meson.build
View File

@ -229,6 +229,7 @@ if host_machine.system() != 'windows'
'live-g-file' : {}, 'live-g-file' : {},
'portal-support-none' : { 'portal-support-none' : {
'extra_sources': ['../gportalsupport.c', '../gsandbox.c'], 'extra_sources': ['../gportalsupport.c', '../gsandbox.c'],
'c_args': ['-DG_PORTAL_SUPPORT_TEST'],
'suite': ['portal-support'], 'suite': ['portal-support'],
}, },
'portal-support-env-var' : { 'portal-support-env-var' : {
@ -237,10 +238,12 @@ if host_machine.system() != 'windows'
}, },
'portal-support-snap' : { 'portal-support-snap' : {
'extra_sources': ['../gportalsupport.c', '../gsandbox.c', 'portal-support-utils.c'], 'extra_sources': ['../gportalsupport.c', '../gsandbox.c', 'portal-support-utils.c'],
'c_args': ['-DG_PORTAL_SUPPORT_TEST'],
'suite': ['portal-support'], 'suite': ['portal-support'],
}, },
'portal-support-snap-classic' : { 'portal-support-snap-classic' : {
'extra_sources': ['../gportalsupport.c', '../gsandbox.c', 'portal-support-utils.c'], 'extra_sources': ['../gportalsupport.c', '../gsandbox.c', 'portal-support-utils.c'],
'c_args': ['-DG_PORTAL_SUPPORT_TEST'],
'suite': ['portal-support'], 'suite': ['portal-support'],
}, },
'resolver-parsing' : {'dependencies' : [network_libs]}, 'resolver-parsing' : {'dependencies' : [network_libs]},