diff options
| author | Philip Withnall <philip.withnall@collabora.co.uk> | 2016-05-19 10:08:08 +0100 |
|---|---|---|
| committer | Colin Walters <walters@verbum.org> | 2016-06-06 12:33:16 -0400 |
| commit | daf3d5c2d15466a267221fcb099c59c870098e03 (patch) | |
| tree | 14c21ceb8944c26a228b8a7446f0fa5f292938bb | |
| parent | 004bd37d0b33eb39372bd0e0bed8ab9c1ac2c50c (diff) | |
| download | polkit-daf3d5c2d15466a267221fcb099c59c870098e03.tar.gz | |
data: Set GIO_USE_VFS=local in the environment
There is no need for polkit to ever use GVFS to load files from
non-local sources, so it's best to avoid loading GVFS code, and to just
rely on the local implementation in GIO instead. This reduces the attack
surface of polkit.
Implemented for the daemon, pkaction, pkcheck, pkexec and pkttyagent,
because none of them need remote file access.
https://bugs.freedesktop.org/show_bug.cgi?id=95487
| -rw-r--r-- | src/polkitbackend/polkitd.c | 4 | ||||
| -rw-r--r-- | src/programs/pkaction.c | 4 | ||||
| -rw-r--r-- | src/programs/pkcheck.c | 4 | ||||
| -rw-r--r-- | src/programs/pkexec.c | 3 | ||||
| -rw-r--r-- | src/programs/pkttyagent.c | 4 |
5 files changed, 19 insertions, 0 deletions
diff --git a/src/polkitbackend/polkitd.c b/src/polkitbackend/polkitd.c index d1527fb..8d54ed7 100644 --- a/src/polkitbackend/polkitd.c +++ b/src/polkitbackend/polkitd.c @@ -22,6 +22,7 @@ #include "config.h" #include <signal.h> +#include <stdlib.h> #include <glib-unix.h> @@ -169,6 +170,9 @@ main (int argc, sigint_id = 0; registration_id = NULL; + /* Disable remote file access from GIO. */ + setenv ("GIO_USE_VFS", "local", 1); + g_type_init (); opt_context = g_option_context_new ("polkit system daemon"); diff --git a/src/programs/pkaction.c b/src/programs/pkaction.c index f17a7dc..221662a 100644 --- a/src/programs/pkaction.c +++ b/src/programs/pkaction.c @@ -24,6 +24,7 @@ #endif #include <stdio.h> +#include <stdlib.h> #include <glib/gi18n.h> #include <polkit/polkit.h> @@ -121,6 +122,9 @@ main (int argc, char *argv[]) actions = NULL; ret = 1; + /* Disable remote file access from GIO. */ + setenv ("GIO_USE_VFS", "local", 1); + g_type_init (); opt_show_version = FALSE; diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c index 5781893..33db128 100644 --- a/src/programs/pkcheck.c +++ b/src/programs/pkcheck.c @@ -24,6 +24,7 @@ #endif #include <stdio.h> +#include <stdlib.h> #include <glib/gi18n.h> #include <polkit/polkit.h> #define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE @@ -362,6 +363,9 @@ main (int argc, char *argv[]) local_agent_handle = NULL; ret = 126; + /* Disable remote file access from GIO. */ + setenv ("GIO_USE_VFS", "local", 1); + g_type_init (); details = polkit_details_new (); diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c index 50de92c..3b29b24 100644 --- a/src/programs/pkexec.c +++ b/src/programs/pkexec.c @@ -503,6 +503,9 @@ main (int argc, char *argv[]) opt_user = NULL; local_agent_handle = NULL; + /* Disable remote file access from GIO. */ + setenv ("GIO_USE_VFS", "local", 1); + /* check for correct invocation */ if (geteuid () != 0) { diff --git a/src/programs/pkttyagent.c b/src/programs/pkttyagent.c index 423b728..8aac7dd 100644 --- a/src/programs/pkttyagent.c +++ b/src/programs/pkttyagent.c @@ -24,6 +24,7 @@ #endif #include <stdio.h> +#include <stdlib.h> #include <glib/gi18n.h> #include <polkit/polkit.h> #define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE @@ -74,6 +75,9 @@ main (int argc, char *argv[]) guint ret = 126; GVariantBuilder builder; + /* Disable remote file access from GIO. */ + setenv ("GIO_USE_VFS", "local", 1); + g_type_init (); error = NULL; |