author | Marco Trevisan <mail@3v1n0.net> | 2022-10-21 16:09:12 +0000 |
---|---|---|
committer | Marco Trevisan <mail@3v1n0.net> | 2022-10-21 16:09:12 +0000 |
commit | d83c87c1f60e6b72c20a4cbce87fd1f35cade0df (patch) | |
tree | 3fdd5732d89d9682be49b685ec03aeef737721b7 | |
parent | 86430a27d26b9b72b02ff0b81eeaa5df0525646c (diff) | |
parent | 9151fe94cb21ef78c00b0ce0b7dfebdbc423830c (diff) | |
download | glib-d83c87c1f60e6b72c20a4cbce87fd1f35cade0df.tar.gz |
Merge branch 'gdbus-server-no-abstract-tmpdir' into 'main'
Fix sandbox escape in GDBusServer
See merge request GNOME/glib!3005
-rw-r--r-- | gio/gdbusdaemon.c | 9 | ||||
-rw-r--r-- | gio/gdbusserver.c | 9 | ||||
-rw-r--r-- | gio/tests/gdbus-auth.c | 15 | ||||
-rw-r--r-- | gio/tests/gdbus-overflow.c | 9 | ||||
-rw-r--r-- | gio/tests/gmenumodel.c | 9 |
5 files changed, 11 insertions, 40 deletions
diff --git a/gio/gdbusdaemon.c b/gio/gdbusdaemon.c
index 8837b4819..5a8e523f0 100644
--- a/gio/gdbusdaemon.c
+++ b/gio/gdbusdaemon.c
@@ -1618,13 +1618,8 @@ initable_init (GInitable *initable,
 if (daemon->address == NULL)
 {
 #ifdef G_OS_UNIX
- if (g_unix_socket_address_abstract_names_supported ())
- daemon->address = g_strdup ("unix:tmpdir=/tmp/gdbus-daemon");
- else
- {
- daemon->tmpdir = g_dir_make_tmp ("gdbus-daemon-XXXXXX", NULL);
- daemon->address = g_strdup_printf ("unix:tmpdir=%s", daemon->tmpdir);
- }
+ daemon->tmpdir = g_dir_make_tmp ("gdbus-daemon-XXXXXX", NULL);
+ daemon->address = g_strdup_printf ("unix:tmpdir=%s", daemon->tmpdir);
 flags |= G_DBUS_SERVER_FLAGS_AUTHENTICATION_REQUIRE_SAME_USER;
 #else
 /* Don’t require authentication on Windows as that hasn’t been
diff --git a/gio/gdbusserver.c b/gio/gdbusserver.c
index f144d129a..db0c9ab50 100644
--- a/gio/gdbusserver.c
+++ b/gio/gdbusserver.c
@@ -725,14 +725,7 @@ try_unix (GDBusServer *server,
 for (n = 0; n < 8; n++)
 g_string_append_c (s, random_ascii ());
- /* prefer abstract namespace if available for tmpdir: addresses
- * abstract namespace is disallowed for dir: addresses */
- if (tmpdir != NULL && g_unix_socket_address_abstract_names_supported ())
- address = g_unix_socket_address_new_with_type (s->str,
- -1,
- G_UNIX_SOCKET_ADDRESS_ABSTRACT);
- else
- address = g_unix_socket_address_new (s->str);
+ address = g_unix_socket_address_new (s->str);
 g_string_free (s, TRUE);
 local_error = NULL;
diff --git a/gio/tests/gdbus-auth.c b/gio/tests/gdbus-auth.c
index b0d163d98..e62f53f87 100644
--- a/gio/tests/gdbus-auth.c
+++ b/gio/tests/gdbus-auth.c
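Review bot: In the gio/gdbusdaemon.c hunk the result of `g_dir_make_tmp ("gdbus-daemon-XXXXXX", NULL)` is used without a check, and after this change it is the only way the Unix listening address is built. If directory creation fails, `daemon->tmpdir` is NULL and the `%s` in `g_strdup_printf` receives a NULL pointer, so the daemon would try to listen on a malformed address instead of failing cleanly. Assuming `initable_init` has the usual `GError **error` parameter (its signature and body continue outside the hunk), I would pass it through and bail out: `daemon->tmpdir = g_dir_make_tmp ("gdbus-daemon-XXXXXX", error);` followed by `if (daemon->tmpdir == NULL) return FALSE;`. The same unchecked call appears in the gdbus-auth.c, gdbus-overflow.c and gmenumodel.c hunks, where a `g_assert_nonnull (tmpdir);` after the call would be enough.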
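Review bot: The now unconditional `address = g_unix_socket_address_new (s->str);` in try_unix() in gio/gdbusserver.c replaces the only comment at this spot, so nothing records why the abstract namespace must not be reintroduced. I would add a comment above the line such as `/* Always bind a path socket: abstract names are scoped to the network namespace, not the filesystem, so a sandboxed peer sharing that namespace could connect. */`, which appears to be the escape the commit title refers to. Since `tmpdir=` addresses now always leave a socket file on disk, it is also worth confirming that the server unlinks it on stop and that the documentation for `unix:tmpdir=` no longer promises an abstract socket. Neither is visible here, and try_unix() starts and ends outside the hunk.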
@@ -63,17 +63,10 @@ server_new_for_mechanism (const gchar *allowed_mechanism)
 guid = g_dbus_generate_guid ();
 #ifdef G_OS_UNIX
- if (g_unix_socket_address_abstract_names_supported ())
- {
- addr = g_strdup ("unix:tmpdir=/tmp/gdbus-test-");
- }
- else
- {
- gchar *tmpdir;
- tmpdir = g_dir_make_tmp ("gdbus-test-XXXXXX", NULL);
- addr = g_strdup_printf ("unix:tmpdir=%s", tmpdir);
- g_free (tmpdir);
- }
+ gchar *tmpdir;
+ tmpdir = g_dir_make_tmp ("gdbus-test-XXXXXX", NULL);
+ addr = g_strdup_printf ("unix:tmpdir=%s", tmpdir);
+ g_free (tmpdir);
 #else
 addr = g_strdup ("nonce-tcp:");
 #endif
diff --git a/gio/tests/gdbus-overflow.c b/gio/tests/gdbus-overflow.c
index e3896e1b1..b0dc89f0f 100644
--- a/gio/tests/gdbus-overflow.c
+++ b/gio/tests/gdbus-overflow.c
@@ -219,13 +219,8 @@ main (int argc,
 if (is_unix)
 {
- if (g_unix_socket_address_abstract_names_supported ())
- tmp_address = g_strdup ("unix:tmpdir=/tmp/gdbus-test-");
- else
- {
- tmpdir = g_dir_make_tmp ("gdbus-test-XXXXXX", NULL);
- tmp_address = g_strdup_printf ("unix:tmpdir=%s", tmpdir);
- }
+ tmpdir = g_dir_make_tmp ("gdbus-test-XXXXXX", NULL);
+ tmp_address = g_strdup_printf ("unix:tmpdir=%s", tmpdir);
 }
 else
 tmp_address = g_strdup ("nonce-tcp:");
diff --git a/gio/tests/gmenumodel.c b/gio/tests/gmenumodel.c
index 618a29eae..04ae2840b 100644
--- a/gio/tests/gmenumodel.c
+++ b/gio/tests/gmenumodel.c
@@ -831,13 +831,8 @@ service_thread_func (gpointer user_data)
 flags = G_DBUS_SERVER_FLAGS_NONE;
 #ifdef G_OS_UNIX
- if (g_unix_socket_address_abstract_names_supported ())
- address = g_strdup ("unix:tmpdir=/tmp/test-dbus-peer");
- else
- {
- tmpdir = g_dir_make_tmp ("test-dbus-peer-XXXXXX", NULL);
- address = g_strdup_printf ("unix:tmpdir=%s", tmpdir);
- }
+ tmpdir = g_dir_make_tmp ("test-dbus-peer-XXXXXX", NULL);
+ address = g_strdup_printf ("unix:tmpdir=%s", tmpdir);
 #else
 address = g_strdup ("nonce-tcp:");
 flags |= G_DBUS_SERVER_FLAGS_AUTHENTICATION_ALLOW_ANONYMOUS; |
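Review bot: In server_new_for_mechanism() in gio/tests/gdbus-auth.c the added `g_free (tmpdir);` runs right after the address is formatted, so the test keeps no copy of the directory path with which to remove it later. With the abstract-socket branch gone this path runs on every Unix run and would leave a `gdbus-test-XXXXXX` directory behind each time, unless cleanup happens elsewhere by parsing the address (not visible in this hunk; the function continues outside it). Keeping `tmpdir` alive until teardown and calling `g_rmdir (tmpdir);` there before freeing it would avoid that. As a smaller style point, `gchar *tmpdir;` now sits after a statement at function scope; declaring it at the top of the function under the same `#ifdef G_OS_UNIX` keeps declarations ahead of code.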