author | Simon McVittie <smcv@collabora.com> | 2021-02-02 20:52:03 +0000 |
---|---|---|
committer | Simon McVittie <smcv@collabora.com> | 2021-02-02 20:52:19 +0000 |
commit | 7aa0580cc559148e0f4646461a42102bd98228b6 (patch) | |
tree | 991abf7ff5538ee3e7bd915f3084f828a2d4b3dd | |
parent | 6436d52a0a9a099b345fa39afe64c4c6a49d4c93 (diff) | |
download | glib-wip/gdbus-even-when-setcap.tar.gz |
gdbus: Use DBUS_SESSION_BUS_ADDRESS if AT_SECURE but not setuid

This is against my better judgement, but it's the least bad regression
fix I can think of. If we don't do this, at least gnome-keyring-daemon
(setcap) and msmtp (setgid) are known to regress.
Resolves: https://gitlab.gnome.org/GNOME/glib/-/issues/2305
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981420
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981555
Signed-off-by: Simon McVittie <smcv@collabora.com>
-rw-r--r-- | gio/gdbusaddress.c | 26 |
1 files changed, 24 insertions, 2 deletions
diff --git a/gio/gdbusaddress.c b/gio/gdbusaddress.c index 5dcbf9523..a341023df 100644 --- a/gio/gdbusaddress.c +++ b/gio/gdbusaddress.c @@ -1343,9 +1343,31 @@ g_dbus_address_get_for_bus_sync (GBusType bus_type, case G_BUS_TYPE_SESSION: if (has_elevated_privileges) - ret = NULL; + { +#ifdef G_OS_UNIX + if (geteuid () == getuid ()) + { + /* Ideally we shouldn't do this, because setgid and + * filesystem capabilities are also elevated privileges + * with which we should not be trusting environment variables + * from the caller. Unfortunately, there are programs with + * elevated privileges that rely on the session bus being + * available. We already prevent the really dangerous + * transports like autolaunch: and unixexec: when our + * privileges are elevated, so this can only make us connect + * to the wrong AF_UNIX or TCP socket. */ + ret = g_strdup (g_getenv ("DBUS_SESSION_BUS_ADDRESS")); + } + else +#endif + { + ret = NULL; + } + } else - ret = g_strdup (g_getenv ("DBUS_SESSION_BUS_ADDRESS")); + { + ret = g_strdup (g_getenv ("DBUS_SESSION_BUS_ADDRESS")); + } if (ret == NULL) { |
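Review bot: the `geteuid () == getuid ()` test inside the `has_elevated_privileges` branch only shows that the two ids are equal at the time of the call, not that the process was started without setuid. A setuid program that has since set its real uid to match its effective uid would pass this test while still running with the elevated identity, and would then read `DBUS_SESSION_BUS_ADDRESS` from the caller's environment. The new comment should state that limitation explicitly, or the condition should be tightened (for example by also checking the saved set-user-ID where the platform exposes it). The comment also relies on `autolaunch:` and `unixexec:` being rejected elsewhere when privileges are elevated; since that filtering is not visible in this hunk, name the function that enforces it so the dependency is not lost in a later refactor. As a style point, `g_strdup (g_getenv ("DBUS_SESSION_BUS_ADDRESS"))` now appears in two branches with `ret = NULL` between them; folding the decision into one condition that assigns `ret` once would make the trust decision easier to audit. The behaviour change for setgid and setcap callers is not reflected in any documentation in this patch.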