1
0
mirror of https://gitlab.gnome.org/GNOME/glib.git synced 2025-01-21 11:46:15 +01:00
Commit Graph

22 Commits

Author SHA1 Message Date
Colin Walters
d6cbb29f59 CVE-2012-3524: Hardening for being run in a setuid environment
Some programs attempt to use libglib (or even libgio) when setuid.
For a long time, GTK+ simply aborted if launched in this
configuration, but we never had a real policy for GLib.

I'm not sure whether we should advertise such support.  However, given
that there are real-world programs that do this currently, we can make
them safer with not too much effort.

Better to fix a problem caused by an interaction between two
components in *both* places if possible.

This patch adds a private function g_check_setuid() which is used to
first ensure we don't run an external dbus-launch binary if
DBUS_SESSION_BUS_ADDRESS isn't set.

Second, we also ensure the local VFS is used in this case.  The
gdaemonvfs extension point will end up talking to the session bus
which is typically undesirable in a setuid context.

Implementing g_check_setuid() is interesting - whether or not we're
running in a privilege-escalated path is operating system specific.
Note that GTK+'s code to check euid versus uid worked historically on
Unix, more modern systems have filesystem capabilities and SELinux
domain transitions, neither of which are captured by the uid
comparison.

On Linux/glibc, the way this works is that the kernel sets an
AT_SECURE flag in the ELF auxiliary vector, and glibc looks for it on
startup.  If found, then glibc sets a public-but-undocumented
__libc_enable_secure variable which we can use.  Unfortunately, while
it *previously* worked to check this variable, a combination of newer
binutils and RPM break it:
http://www.openwall.com/lists/owl-dev/2012/08/14/1

So for now on Linux/glibc, we fall back to the historical Unix version
until we get glibc fixed.

On some BSD variants, there is a issetugid() function.  On other Unix
variants, we fall back to what GTK+ has been doing.

Reported-By: Sebastian Krahmer <krahmer@suse.de>
Signed-off-by: Colin Walters <walters@verbum.org>
2012-09-13 18:34:29 -04:00
Matthias Clasen
3129bac14c Formatting cleanups 2012-06-04 06:04:28 -04:00
Alexander Larsson
e041843b3e Support resource:/// uris 2012-01-13 17:12:57 +01:00
Dan Winship
1481b7bca3 Add _g_io_module_get_default(), use to simplify other *_get_default()s
Add _g_io_module_get_default(), which implements the
figure-out-the-best-available-module-that-is-actually-usable logic,
and use that to simplify g_proxy_resolver_get_default(),
g_settings_backend_get_default(), g_tls_backend_get_default(), and
g_vfs_get_default().

https://bugzilla.gnome.org/show_bug.cgi?id=620932
2011-10-04 13:20:34 -04:00
Johan Dahlin
30132c44c1 Add a lot of missing annotations 2010-09-24 18:24:41 -03:00
Ryan Lortie
5b946e0504 gio/: fully remove gioalias hacks 2010-07-07 19:53:22 -04:00
Matthias Clasen
3bdbb2b329 Doc fixes
svn path=/trunk/; revision=7223
2008-07-21 02:19:56 +00:00
Johan Dahlin
761424465a Include "config.h" instead of <config.h> Command used: find -name
2008-06-21  Johan Dahlin  <jdahlin@async.com.br>

    * *.[ch]: Include "config.h" instead of <config.h>
    Command used:
    find -name \*.[ch]|xargs perl -p -i -e 's/^#include <config.h>/#include "config.h"/g'
    Rubberstamped by Mitch


svn path=/trunk/; revision=7092
2008-06-22 15:10:51 +00:00
Matthias Clasen
f3144c7efe Doc fixes
svn path=/trunk/; revision=6554
2008-02-21 18:20:17 +00:00
Alexander Larsson
431fef8617 Add g_file_query_default_handler utility to easily look up the GAppInfo
2008-01-29  Alexander Larsson  <alexl@redhat.com>

        * gfile.[ch]:
        Add g_file_query_default_handler utility to easily look up
	the GAppInfo that handles a file.
	
        * gdesktopappinfo.[ch]:
        * giomodule.c:
	Set up an extension point for g_app_info_get_default_for_uri_scheme()
	
        * gvfs.c:
	Remove unused function



svn path=/trunk/; revision=6409
2008-01-29 12:18:48 +00:00
Alexander Larsson
bff9ecedbb Add registration hooks for extension points. Register the gio extension
2008-01-28  Alexander Larsson  <alexl@redhat.com>

        * giomodule.[ch]:
        * gio.symbols:
	Add registration hooks for extension points.
	Register the gio extension points.
	
        * fam/gfamdirectorymonitor.c:
        * fam/gfamfilemonitor.c:
        * glocaldirectorymonitor.[ch]:
        * glocalfilemonitor.[ch]:
        * gnativevolumemonitor.h:
        * gunionvolumemonitor.c:
        * gunixvolumemonitor.c:
        * gvfs.[ch]:
        * gvolumemonitor.h:
        * inotify/ginotifydirectorymonitor.c:
        * inotify/ginotifyfilemonitor.c:
	Use the extension points registration instead
	of g_type_children().


svn path=/trunk/; revision=6399
2008-01-28 19:43:10 +00:00
Alexander Larsson
ba464215e7 Fix unused variable warning
2007-12-20  Alexander Larsson  <alexl@redhat.com>

	* gvfs.c (get_default_vfs):
	Fix unused variable warning


svn path=/trunk/; revision=6168
2007-12-20 10:57:45 +00:00
Alexander Larsson
28d1c8e0ad Make g_io_modules_load_all_in_directory not unuse loaded modules so that
2007-12-19  Alexander Larsson  <alexl@redhat.com>

        * giomodule.c:
	Make g_io_modules_load_all_in_directory not unuse
	loaded modules so that users of it can do stuff
	before unloading.
	Init internal "module" types.
	Initialize static prio and name for types so that
	we don't have to load modules to get it.
	
        * gnativevolumemonitor.h:
	* gvolumemonitor.h:
	Move is_supported to parent class so that
	non-native monitors can avoid being initialized
	too. (For instance GDaemonVolumeMonitor if we're
	not using GDaemonVfs.)
	
        * glocaldirectorymonitor.[ch]:
        * glocalfilemonitor.[ch]:
	* gunionvolumemonitor.c:
        * gunixvolumemonitor.c:
        * gvfs.c:
	Find plugins using the static prio+name to
	avoid unnecessarily loading the modules.


svn path=/trunk/; revision=6159
2007-12-19 16:08:55 +00:00
Matthias Clasen
0debd52858 Fix up includes in section docs
svn path=/trunk/; revision=6149
2007-12-18 02:52:11 +00:00
Alexander Larsson
3869c33a73 Added.
2007-12-05  Alexander Larsson  <alexl@redhat.com>

        * Makefile.am:
        * giomodule-priv.h: Added.
        * glocaldirectorymonitor.c:
        * glocalfilemonitor.c:
        * gunionvolumemonitor.c:
        * gvfs.c:
	Actually add the declaration of _g_io_modules_ensure_loaded


svn path=/trunk/; revision=6051
2007-12-05 11:10:21 +00:00
Alexander Larsson
4f039bd490 Fix warnings
2007-12-05  Alexander Larsson  <alexl@redhat.com>

        * gdatainputstream.c:
	Fix warnings
	
        * gio.symbols:
        * giomodule.[ch]
        * glocaldirectorymonitor.c:
        * glocalfilemonitor.c:
        * gunionvolumemonitor.c:
        * gvfs.c:
	Make g_io_modules_ensure_loaded a private function and
	don't pass in the dirname. This means we can do magic
	directory finding in the win32 version.
	Export the actual load-modules-in-directory code so that
	gvfs can reuse that.


svn path=/trunk/; revision=6050
2007-12-05 11:05:49 +00:00
Matthias Clasen
a2ca589703 More coding style fixes
svn path=/trunk/; revision=5999
2007-11-30 05:11:25 +00:00
Alexander Larsson
d9594f5709 Removed unnecessary file
2007-11-28  Alexander Larsson  <alexl@redhat.com>

        * Makefile.am:
        * gdriveprivate.h:
	Removed unnecessary file
	
        * gdesktopappinfo.[ch]:
        * gdummyfile.[ch]:
        * gfile.c:
        * glocaldirectorymonitor.[ch]:
        * glocalfile.[ch]:
        * glocalfileenumerator.[ch]:
        * glocalfileinputstream.[ch]:
        * glocalfilemonitor.[ch]:
        * glocalfileoutputstream.[ch]:
        * glocalvfs.[ch]:
        * gnativevolumemonitor.c:
        * gpollfilemonitor.[ch]:
        * gunionvolumemonitor.[ch]:
        * gunixdrive.[ch]:
        * gunixvolume.[ch]:
        * gunixvolumemonitor.[ch]:
        * gvfs.c:
        * gvolumeprivate.h:
        * inotify/ginotifydirectorymonitor.[ch]:
        * inotify/ginotifyfilemonitor.[ch]:
        * inotify/inotify-helper.c:
	Append _ to all internal functions
	
        * gio.symbols:
	Add missing symbols
	Export symbols needed for modules


svn path=/trunk/; revision=5977
2007-11-28 16:01:59 +00:00
Alexander Larsson
7f3280230b Added. Added. Added. Added.
2007-11-28  Alexander Larsson  <alexl@redhat.com>

        * Makefile.am:
        * abicheck.sh: Added.
        * makegioalias.pl: Added.
        * pltcheck.sh: Added.
        * gio.symbols: Added.
	* *.c:
        * inotify/*.c
	Initial work on adding symbol handling.

	* gvfs.h:
	Correct ifdef guard name

        * fam/Makefile.am:
        * inotify/Makefile.am:
        * xdgmime/Makefile.am:
	Include toplevel Makefile.decl


svn path=/trunk/; revision=5972
2007-11-28 12:39:07 +00:00
Matthias Clasen
442e8df1b8 Clean up some docs
svn path=/trunk/; revision=5966
2007-11-28 04:29:02 +00:00
Andrew Walton
5247f12f36 Bumps documentation to 93% symbol coverage, touching most
of the public files. Fixes broken function documentation prototypes. 
	Fixes GCancellable inaccuracies. Removes unnecessary incomplete 
	gtk-doc headers in private files.

svn path=/trunk/; revision=5953
2007-11-27 14:00:13 +00:00
Alexander Larsson
3781343738 gio/ docs/reference/gio Merged gio-standalone into glib.
2007-11-26  Alexander Larsson  <alexl@redhat.com>

        * Makefile.am:
        * configure.in:
        * gio-2.0-uninstalled.pc.in:
        * gio-2.0.pc.in: 
        * gio-unix-2.0-uninstalled.pc.in:
        * gio-unix-2.0.pc.in:
	* gio/
	* docs/reference/gio
	Merged gio-standalone into glib.
	
        * glib/glibintl.h:
        * glib/gutils.c:
	Export glib_gettext so that gio can use it
	Add P_ (using same domain for now)
	Add I_ as g_intern_static_string


svn path=/trunk/; revision=5941
2007-11-26 16:13:05 +00:00