From 68aac5ed238c28223c50eda1cbf9e752e0acc081 Mon Sep 17 00:00:00 2001 From: Ray Strode Date: Wed, 28 Aug 2019 11:20:07 -0400 Subject: gdm-{wayland,x}-session: protect more session variables since commit 2802e92d27450d86d81b6356dd532ec80e797223 we allow users to override the session environment with systemd's environment.d mechanism. That is great for PATH, but not so great for XDG_CURRENT_DESKTOP and other potentially lingering session variables. This commit adds more variables to the blacklist of things that aren't allowed to be preempted by systemd's environment. Closes https://gitlab.gnome.org/GNOME/gdm/issues/505 --- daemon/gdm-wayland-session.c | 22 ++++++++++++++++++---- daemon/gdm-x-session.c | 28 +++++++++++++++++++++------- 2 files changed, 39 insertions(+), 11 deletions(-) diff --git a/daemon/gdm-wayland-session.c b/daemon/gdm-wayland-session.c index 79922664..650e180f 100644 --- a/daemon/gdm-wayland-session.c +++ b/daemon/gdm-wayland-session.c @@ -283,11 +283,22 @@ spawn_session (State *state, gboolean is_running = FALSE; int ret; char **argv = NULL; - static const char *session_variables[] = { "DISPLAY", - "XAUTHORITY", + static const char *session_variables[] = { "DESKTOP_SESSION", + "DISPLAY", + "GDMSESSION", + "GDM_LANG", + "GNOME_SHELL_SESSION_MODE", + "LANG", "WAYLAND_DISPLAY", "WAYLAND_SOCKET", - "GNOME_SHELL_SESSION_MODE", + "WINDOWPATH", + "XAUTHORITY", + "XDG_CURRENT_DESKTOP", + "XDG_SEAT", + "XDG_SESSION_ID", + "XDG_SESSION_CLASS", + "XDG_SESSION_DESKTOP", + "XDG_VTNR", NULL }; g_debug ("Running wayland session"); @@ -326,8 +337,11 @@ spawn_session (State *state, /* Don't allow session specific environment variables from earlier sessions to * leak through */ for (i = 0; session_variables[i] != NULL; i++) { - if (g_getenv (session_variables[i]) == NULL) { + const char *value = g_getenv (session_variables[i]); + if (value == NULL) { g_subprocess_launcher_unsetenv (launcher, session_variables[i]); + } else { + g_subprocess_launcher_setenv (launcher, session_variables[i], value, TRUE); } } } diff --git a/daemon/gdm-x-session.c b/daemon/gdm-x-session.c index 9714da3e..8ca396fa 100644 --- a/daemon/gdm-x-session.c +++ b/daemon/gdm-x-session.c @@ -608,12 +608,23 @@ spawn_session (State *state, GError *error = NULL; gboolean is_running = FALSE; const char *vt; - static const char *session_variables[] = { "DISPLAY", - "XAUTHORITY", - "WAYLAND_DISPLAY", - "WAYLAND_SOCKET", - "GNOME_SHELL_SESSION_MODE", - NULL }; + static const char *session_variables[] = { "DESKTOP_SESSION", + "DISPLAY", + "GDMSESSION", + "GDM_LANG", + "GNOME_SHELL_SESSION_MODE", + "LANG", + "WAYLAND_DISPLAY", + "WAYLAND_SOCKET", + "WINDOWPATH", + "XAUTHORITY", + "XDG_CURRENT_DESKTOP", + "XDG_SEAT", + "XDG_SESSION_ID", + "XDG_SESSION_CLASS", + "XDG_SESSION_DESKTOP", + "XDG_VTNR", + NULL }; g_debug ("Running X session"); @@ -641,8 +652,11 @@ spawn_session (State *state, /* Don't allow session specific environment variables from earlier sessions to * leak through */ for (i = 0; session_variables[i] != NULL; i++) { - if (g_getenv (session_variables[i]) == NULL) { + const char *value = g_getenv (session_variables[i]); + if (value == NULL) { g_subprocess_launcher_unsetenv (launcher, session_variables[i]); + } else { + g_subprocess_launcher_setenv (launcher, session_variables[i], value, TRUE); } } } -- cgit v1.2.1