Some programs attempt to use libglib (or even libgio) when setuid.
For a long time, GTK+ simply aborted if launched in this
configuration, but we never had a real policy for GLib.
I'm not sure whether we should advertise such support. However, given
that there are real-world programs that do this currently, we can make
them safer with not too much effort.
Better to fix a problem caused by an interaction between two
components in *both* places if possible.
This patch adds a private function g_check_setuid() which is used to
first ensure we don't run an external dbus-launch binary if
DBUS_SESSION_BUS_ADDRESS isn't set.
Second, we also ensure the local VFS is used in this case. The
gdaemonvfs extension point will end up talking to the session bus
which is typically undesirable in a setuid context.
Implementing g_check_setuid() is interesting - whether or not we're
running in a privilege-escalated path is operating system specific.
Note that GTK+'s code to check euid versus uid worked historically on
Unix, more modern systems have filesystem capabilities and SELinux
domain transitions, neither of which are captured by the uid
comparison.
On Linux/glibc, the way this works is that the kernel sets an
AT_SECURE flag in the ELF auxiliary vector, and glibc looks for it on
startup. If found, then glibc sets a public-but-undocumented
__libc_enable_secure variable which we can use. Unfortunately, while
it *previously* worked to check this variable, a combination of newer
binutils and RPM break it:
http://www.openwall.com/lists/owl-dev/2012/08/14/1
So for now on Linux/glibc, we fall back to the historical Unix version
until we get glibc fixed.
On some BSD variants, there is a issetugid() function. On other Unix
variants, we fall back to what GTK+ has been doing.
Reported-By: Sebastian Krahmer <krahmer@suse.de>
Signed-off-by: Colin Walters <walters@verbum.org>
This reverts commit 18801a9a7b.
The change to the GIO source filters only applies to the master/2.33.x+
branch as there isn't a gcontenttype-win32.c in glib-2-32, so we still
want to build gcontenttype.c here.
gcontenttype.c was split into gcontenttype.c and gcontenttype-win32.c
in commit 32192ee9 ("Split gcontenttype.c"), so we don't want to include
gcontenttype.c in the Visual C++ build as it is no longer a source file
meant for Windows.
Thanks to Thomas H.P. Anderson for pointing this out.
String validation was done by checking if the string was valid utf8 and
ensuring that the first non-utf8 character was the last character (ie:
the nul terminator).
No check was actually done to make sure that this byte actually
contained a nul, however, so it was possible that you could have a
string like "hello\xff" with length 6 that would correctly validate.
Fix that, and test it.
Prevent attempts to access keys ending with slashes that exist in the
schema file as references to child schemas.
Also: don't emit change signals for these same keys.
This avoids warnings when creating idiomatic value tables, like:
static const GTypeValueTable _clutter_shader_float_value_table = {
clutter_value_init_shader_float,
clutter_value_free_shader_float,
clutter_value_copy_shader_float,
clutter_value_peek_pointer,
"ip",
clutter_value_collect_shader_float,
"pp",
clutter_value_lcopy_shader_float
};
Because the strings are literals. And, really: nobody should be using
allocated values for the collection and lcopy strings.
https://bugzilla.gnome.org/show_bug.cgi?id=671545
The Since tag for these was saying 2.28 but it was actually added in
2.31. It looks like all of the Since tags list stable version numbers
so this patch bumps that up to 2.32.
https://bugzilla.gnome.org/show_bug.cgi?id=679258
Most changes were just replacing usage of "has_key" with "in".
Also updated the sorting function which was simplified and
changed to a "key" function instead of "cmp" (which is no longer
supported in python3. Verified everything builds with
python 2.7 and 3.
https://bugzilla.gnome.org/show_bug.cgi?id=678066
After fixing bug 674452 this test case now reliably fails, as "ABC abc" is text
and definitively not PowerPoint. It previously worked as g_content_type_guess()
was reading beyond the boundary of the data due to specifying -1 as data
length.
Update that test case to expect a PO template instead, and add two more with a
definitive PO template syntax and some binary data. We do not currently have a
MIME magic for PowerPoint, so we cannot actually detect it with certainty, but
at least make sure that the returned MIME type is correct.
https://bugzilla.gnome.org/show_bug.cgi?id=678941
We need to ignore the defaults.list item only when there
was a mimetype handler found in a previous mimetype, not
if one was found for the same mimetype as the one that
is listed in defaults.list (same for the new-style defaults).
There was an issue when looking up the default handler
for a type where a supertype was listed in defaults.list.
We would pick the default for the parent type even if
there was a handler for the more specific type.
In the case of the new-style defaults marking (
"Default Applications" in mimeapps.list) we were already
checking for a more specific handler befor using a default,
but we also need to do a similar check for the defaults.list
case.
https://bugzilla.gnome.org/show_bug.cgi?id=678944
g_content_type_guess() requires specifying a valid data length. Fixes a
segfault when running the test.
Also add an explicit check for this and return XDG_MIME_TYPE_UNKNOWN when
data_size is specified as -1, to avoid crashing.
https://bugzilla.gnome.org/show_bug.cgi?id=674452
Due to load, particular traits of the architecture, or other circumstances, the
/mainloop/timeouts sometimes manages to call the "every
100 ms" timer loop only 9 times in 1050 ms.
This is an inherent race-condition in the test; allow it some slack and accept
9 times as well.
https://bugzilla.gnome.org/show_bug.cgi?id=678959
Sometimes the poll duration in the /socket/timed_wait test is slightly lower
than the requested 100000, causing failures like
ERROR:/build/buildd/glib2.0-2.33.2/./gio/tests/socket.c:619:test_timed_wait:
assertion failed (poll_duration > = 100000): (99240 >= 100000)
FAIL
Adjust the test to also allow some jitter in the "too small" direction, similar
to the already existing span for "slightly too large".
https://bugzilla.gnome.org/show_bug.cgi?id=678881
