diff options
author | Mike Gorse <mgorse@suse.com> | 2015-12-07 11:53:49 -0600 |
---|---|---|
committer | Mike Gorse <mgorse@suse.com> | 2015-12-07 12:14:08 -0600 |
commit | 97f163edd95e46be9aa5d8315fbbed75fa5d8323 (patch) | |
tree | 087adda2afcf370cc0ef5cd051c54e0c540bad87 | |
parent | 34b5d53c7dd36aef9c6b67bf5c2d7346d1a32bc1 (diff) | |
download | at-spi2-atk-97f163edd95e46be9aa5d8315fbbed75fa5d8323.tar.gz |
Always accept connections as root if unable to find an owning user
When running as root, we look through /proc to try to identify our
parent and check that it matches the user making a connection. However,
this check does not always yield useful information and also will
always fail on anything that isn't Linux. Unsure what security
implications this change has, but then it isn't ideal to run UI as
the super-user in the first place, yet users sometimes need to do so
for various reasons, and a11y needs to be enabled, so adding this
change unless a better solution is found.
-rw-r--r-- | atk-adaptor/bridge.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/atk-adaptor/bridge.c b/atk-adaptor/bridge.c index 9c2117f..d0ca5da 100644 --- a/atk-adaptor/bridge.c +++ b/atk-adaptor/bridge.c @@ -661,7 +661,10 @@ user_check (DBusConnection *bus, unsigned long uid, void *data) if (uid == getuid () || uid == geteuid ()) return TRUE; if (getuid () == 0) - return get_ancestral_uid (getpid ()) == uid; + { + guint ancestor = get_ancestral_uid (getpid ()); + return (ancestor == uid || ancestor == 1 || ancestor == 0); + } return FALSE; } |