diff options
| author | Ray Strode <rstrode@redhat.com> | 2019-08-28 11:20:07 -0400 |
|---|---|---|
| committer | Ray Strode <rstrode@redhat.com> | 2019-08-28 11:23:14 -0400 |
| commit | 68aac5ed238c28223c50eda1cbf9e752e0acc081 (patch) | |
| tree | 05adfc1b6832d9ca1e0819187b369c74ea9076c5 | |
| parent | ae09589d4436e44442439ee1bc980dc0283bc8f7 (diff) | |
| download | gdm-wip/oh-god-environment-variables-again.tar.gz | |
gdm-{wayland,x}-session: protect more session variableswip/oh-god-environment-variables-again
since commit 2802e92d27450d86d81b6356dd532ec80e797223 we allow users
to override the session environment with systemd's environment.d
mechanism.
That is great for PATH, but not so great for XDG_CURRENT_DESKTOP
and other potentially lingering session variables.
This commit adds more variables to the blacklist of things that
aren't allowed to be preempted by systemd's environment.
Closes https://gitlab.gnome.org/GNOME/gdm/issues/505
| -rw-r--r-- | daemon/gdm-wayland-session.c | 22 | ||||
| -rw-r--r-- | daemon/gdm-x-session.c | 28 |
2 files changed, 39 insertions, 11 deletions
diff --git a/daemon/gdm-wayland-session.c b/daemon/gdm-wayland-session.c index 79922664..650e180f 100644 --- a/daemon/gdm-wayland-session.c +++ b/daemon/gdm-wayland-session.c @@ -283,11 +283,22 @@ spawn_session (State *state, gboolean is_running = FALSE; int ret; char **argv = NULL; - static const char *session_variables[] = { "DISPLAY", - "XAUTHORITY", + static const char *session_variables[] = { "DESKTOP_SESSION", + "DISPLAY", + "GDMSESSION", + "GDM_LANG", + "GNOME_SHELL_SESSION_MODE", + "LANG", "WAYLAND_DISPLAY", "WAYLAND_SOCKET", - "GNOME_SHELL_SESSION_MODE", + "WINDOWPATH", + "XAUTHORITY", + "XDG_CURRENT_DESKTOP", + "XDG_SEAT", + "XDG_SESSION_ID", + "XDG_SESSION_CLASS", + "XDG_SESSION_DESKTOP", + "XDG_VTNR", NULL }; g_debug ("Running wayland session"); @@ -326,8 +337,11 @@ spawn_session (State *state, /* Don't allow session specific environment variables from earlier sessions to * leak through */ for (i = 0; session_variables[i] != NULL; i++) { - if (g_getenv (session_variables[i]) == NULL) { + const char *value = g_getenv (session_variables[i]); + if (value == NULL) { g_subprocess_launcher_unsetenv (launcher, session_variables[i]); + } else { + g_subprocess_launcher_setenv (launcher, session_variables[i], value, TRUE); } } } diff --git a/daemon/gdm-x-session.c b/daemon/gdm-x-session.c index 9714da3e..8ca396fa 100644 --- a/daemon/gdm-x-session.c +++ b/daemon/gdm-x-session.c @@ -608,12 +608,23 @@ spawn_session (State *state, GError *error = NULL; gboolean is_running = FALSE; const char *vt; - static const char *session_variables[] = { "DISPLAY", - "XAUTHORITY", - "WAYLAND_DISPLAY", - "WAYLAND_SOCKET", - "GNOME_SHELL_SESSION_MODE", - NULL }; + static const char *session_variables[] = { "DESKTOP_SESSION", + "DISPLAY", + "GDMSESSION", + "GDM_LANG", + "GNOME_SHELL_SESSION_MODE", + "LANG", + "WAYLAND_DISPLAY", + "WAYLAND_SOCKET", + "WINDOWPATH", + "XAUTHORITY", + "XDG_CURRENT_DESKTOP", + "XDG_SEAT", + "XDG_SESSION_ID", + "XDG_SESSION_CLASS", + "XDG_SESSION_DESKTOP", + "XDG_VTNR", + NULL }; g_debug ("Running X session"); @@ -641,8 +652,11 @@ spawn_session (State *state, /* Don't allow session specific environment variables from earlier sessions to * leak through */ for (i = 0; session_variables[i] != NULL; i++) { - if (g_getenv (session_variables[i]) == NULL) { + const char *value = g_getenv (session_variables[i]); + if (value == NULL) { g_subprocess_launcher_unsetenv (launcher, session_variables[i]); + } else { + g_subprocess_launcher_setenv (launcher, session_variables[i], value, TRUE); } } } |