Removed all mentions of GLib file name encoding referring to
the environment strings. The env var content has no defined relation
to GLib's notion of filename encoding, or any encoding whatsoever.
It would be wrong to pass all UTF-8 strings through
g_filename_from_utf8() in order to put them into the environment,
for one thing.
https://bugzilla.gnome.org/show_bug.cgi?id=738185
In Windows development environments that have it, <unistd.h> is mostly
just a wrapper around several other native headers (in particular,
<io.h>, which contains read(), close(), etc, and <process.h>, which
contains getpid()). But given that some Windows dev environments don't
have <unistd.h>, everything that uses those functions on Windows
already needed to include the correct Windows header as well, and so
there is never any point to including <unistd.h> on Windows.
Also, remove some <unistd.h> includes (and a few others) that were
unnecessary even on unix.
https://bugzilla.gnome.org/show_bug.cgi?id=710519
Passing a NULL value to g_setenv() was never documented as working,
and in fact it worked on some platforms and crashed on others. Make it
g_return_if_fail() everywhere insted.
Also, remove some incorrect docs in g_environ_getenv() and
g_environ_setenv() that shouldn't have been copied from g_getenv() and
g_setenv(). And belatedly simplify the checks in g_unsetenv().
https://bugzilla.gnome.org/show_bug.cgi?id=704593
Some programs attempt to use libglib (or even libgio) when setuid.
For a long time, GTK+ simply aborted if launched in this
configuration, but we never had a real policy for GLib.
I'm not sure whether we should advertise such support. However, given
that there are real-world programs that do this currently, we can make
them safer with not too much effort.
Better to fix a problem caused by an interaction between two
components in *both* places if possible.
This patch adds a private function g_check_setuid() which is used to
first ensure we don't run an external dbus-launch binary if
DBUS_SESSION_BUS_ADDRESS isn't set.
Second, we also ensure the local VFS is used in this case. The
gdaemonvfs extension point will end up talking to the session bus
which is typically undesirable in a setuid context.
Implementing g_check_setuid() is interesting - whether or not we're
running in a privilege-escalated path is operating system specific.
Note that GTK+'s code to check euid versus uid worked historically on
Unix, more modern systems have filesystem capabilities and SELinux
domain transitions, neither of which are captured by the uid
comparison.
On Linux/glibc, the way this works is that the kernel sets an
AT_SECURE flag in the ELF auxiliary vector, and glibc looks for it on
startup. If found, then glibc sets a public-but-undocumented
__libc_enable_secure variable which we can use. Unfortunately, while
it *previously* worked to check this variable, a combination of newer
binutils and RPM break it:
http://www.openwall.com/lists/owl-dev/2012/08/14/1
So for now on Linux/glibc, we fall back to the historical Unix version
until we get glibc fixed.
On some BSD variants, there is a issetugid() function. On other Unix
variants, we fall back to what GTK+ has been doing.
Reported-By: Sebastian Krahmer <krahmer@suse.de>
Signed-off-by: Colin Walters <walters@verbum.org>
On Windows, GetEnvironmentVariable() returns 0 for empty variables.
Checking GetLastError() == ERROR_ENVVAR_NOT_FOUND helps make a
difference between a variable that does not exist or an empty one
which should return "".
https://bugzilla.gnome.org/show_bug.cgi?id=679617
The current code create the strv array incorrectly, it is too big and
leaves invalid holes. This may result in crashes when freeing the
returned value.
https://bugzilla.gnome.org/show_bug.cgi?id=679617
And clarify the memory allocation requirement of the string arrays passed to
g_environ_{,un}setenv().
==9458== 10 bytes in 1 blocks are definitely lost in loss record 16 of 39
==9458== at 0x402AD89: malloc (vg_replace_malloc.c:236)
==9458== by 0x4221A1F: vasprintf (vasprintf.c:78)
==9458== by 0x40C6065: g_vasprintf (gprintf.c:314)
==9458== by 0x409D894: g_strdup_vprintf (gstrfuncs.c:509)
==9458== by 0x409D8C9: g_strdup_printf (gstrfuncs.c:535)
==9458== by 0x40672E9: g_environ_setenv (genviron.c:156)
==9458== by 0x80490E7: test_environ_array (environment.c:78)
==9458== by 0x40A3DB5: test_case_run (gtestutils.c:1662)
==9458== by 0x40A40B2: g_test_run_suite_internal (gtestutils.c:1715)
==9458== by 0x40A417C: g_test_run_suite_internal (gtestutils.c:1726)
==9458== by 0x40A42F9: g_test_run_suite (gtestutils.c:1771)
==9458== by 0x40A3441: g_test_run (gtestutils.c:1319)
==9458== by 0x80493F1: main (environment.c:108)
Bug #669412.
==9458== 10 bytes in 1 blocks are definitely lost in loss record 16 of 39
==9458== at 0x402AD89: malloc (vg_replace_malloc.c:236)
==9458== by 0x4221A1F: vasprintf (vasprintf.c:78)
==9458== by 0x40C6065: g_vasprintf (gprintf.c:314)
==9458== by 0x409D894: g_strdup_vprintf (gstrfuncs.c:509)
==9458== by 0x409D8C9: g_strdup_printf (gstrfuncs.c:535)
==9458== by 0x40672E9: g_environ_setenv (genviron.c:156)
==9458== by 0x80490E7: test_environ_array (environment.c:78)
==9458== by 0x40A3DB5: test_case_run (gtestutils.c:1662)
==9458== by 0x40A40B2: g_test_run_suite_internal (gtestutils.c:1715)
==9458== by 0x40A417C: g_test_run_suite_internal (gtestutils.c:1726)
==9458== by 0x40A42F9: g_test_run_suite (gtestutils.c:1771)
==9458== by 0x40A3441: g_test_run (gtestutils.c:1319)
==9458== by 0x80493F1: main (environment.c:108)
Bug #669412.
-gcharset.c, genviron.c, gunicollate.c: Some headers were missed in those
files that triggered C4013 warnings/errors (aka. implicit declaration
of ... in GCC). Make up for them here.
-gwin32.h: Only define g_win32_get_package_installation_directory/
g_win32_get_package_installation_subdirectory as macros
(alias of g_win32_get_package_installation_directory_utf8/
g_win32_get_package_installation_subdirectory_utf8) on Win64 (x64) as
g_win32_get_package_installation_directory/
g_win32_get_package_installation_subdirectory have seperate existing
implmentations for Win32-this is a long-standing problem but was covered-
up by G_DISABLE_DEPRECATED, which we are stopping to use as of 2.31.0.
Split win32 functions off into their own section, instead
of having large and unwieldy ifdef sections inside each function.
Also move the compat versions of env functions over from gutils.c
