author | Philip Withnall <pwithnall@endlessos.org> | 2023-04-28 11:11:03 +0100 |
---|---|---|
committer | Philip Withnall <pwithnall@endlessos.org> | 2023-04-28 11:11:03 +0100 |
commit | f42e04d2474069b5d52eea6f19a9336867cf2ef9 (patch) | |
tree | 514771b2095dcd3ccef171b478b68260aafe6fe9 | |
parent | 9b8369852b1de635124c97a7b15c987a9c9768b1 (diff) | |
download | glib-f42e04d2474069b5d52eea6f19a9336867cf2ef9.tar.gz |
docs: Document that GIO should not be used in privileged processes
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Fixes: #2289
-rw-r--r-- | docs/reference/glib/programming.xml | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/docs/reference/glib/programming.xml b/docs/reference/glib/programming.xml index 52df907e8..32f207943 100644 --- a/docs/reference/glib/programming.xml +++ b/docs/reference/glib/programming.xml @@ -43,7 +43,7 @@ support multithreaded applications. </refsect2> <refsect2> -<title>Security</title> +<title>Security and setuid use</title> <para> When writing code that runs with elevated privileges, it is important @@ -56,8 +56,17 @@ excellent book on this topic, When it comes to GLib and its associated libraries, GLib and GObject are generally fine to use in code that runs with elevated privileges; they don't load modules (executable code in shared objects) -or run other programs 'behind your back'. GIO has to be used -carefully in privileged programs, see the <ulink url="http://developer.gnome.org/gio/stable/ch02.html">GIO documentation</ulink> for details. +or run other programs ‘behind your back’. GIO, however, is not designed to be +used in privileged programs, either ones which are spawned by a privileged +process, or ones which are run with a setuid bit set. +</para> + +<para> +setuid programs should always reset their environment to contain only +known-safe values before calling into non-trivial libraries such as GIO. This +reduces the risk of an attacker-controlled environment variable being used to +get a privileged GIO process to run arbitrary code via loading a GIO module or +similar. </para> </refsect2> |
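Review bot: In the second hunk, the added paragraph gives guidance only for setuid programs, while the sentence added just above it also names programs "spawned by a privileged process" as unsupported. Those programs get no advice, so either extend the environment-reset paragraph to cover them or state that it does not apply to them. The same paragraph tells setuid programs how to call into GIO right after saying GIO "is not designed to be used in privileged programs", which reads as mixed guidance next to the commit title ("should not be used"). A sentence saying that resetting the environment reduces the risk but does not make GIO supported in that context would settle it. The removed lines also carried the only link to the GIO documentation and the replacement has no cross-reference, so a reader cannot tell which environment variables count as "known-safe values" or what "loading a GIO module or similar" covers. Consider keeping a link or naming the relevant variables.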