authormsizanoen1 <msizanoen@qtmlabs.xyz>2022-10-21 21:52:19 +0700
committermsizanoen1 <msizanoen@qtmlabs.xyz>2022-10-21 22:08:11 +0700
commitc0a1a3b384a27b4b18628174a5c4d9f3fb0a8c82 (patch)
treedac0dd77eb62a7d3089b9f678540ae21befd8445
parent86430a27d26b9b72b02ff0b81eeaa5df0525646c (diff)
downloadglib-c0a1a3b384a27b4b18628174a5c4d9f3fb0a8c82.tar.gz
gio/gdbusserver: use non-abstract socket for unix:tmpdir=
This implements https://gitlab.freedesktop.org/dbus/dbus/-/merge_requests/350 for GDBus's server implementation. Abstract sockets belong to the network namespace instead of the mount namespace. As a result, mount namespace-based sandboxes (e.g. Flatpak) cannot restrict access to abstract sockets (and therefore GDBus's unix:tmpdir= server addresses), at least for applications with network access permission, which may result in sandbox escapes unless the application running the GDBus server explicitly checks that the connecting process is not in a sandbox. As of the time of writing, no known application using GDBusServer does this. Fix this by always using non-abstract sockets for unix:tmpdir=, which is allowed by the DBus specification.
-rw-r--r--gio/gdbusserver.c9
1 files changed, 1 insertions, 8 deletions
diff --git a/gio/gdbusserver.c b/gio/gdbusserver.c
index f144d129a..db0c9ab50 100644
--- a/gio/gdbusserver.c
+++ b/gio/gdbusserver.c
@@ -725,14 +725,7 @@ try_unix (GDBusServer *server,
for (n = 0; n < 8; n++)
g_string_append_c (s, random_ascii ());
- /* prefer abstract namespace if available for tmpdir: addresses
- * abstract namespace is disallowed for dir: addresses */
- if (tmpdir != NULL && g_unix_socket_address_abstract_names_supported ())
- address = g_unix_socket_address_new_with_type (s->str,
- -1,
- G_UNIX_SOCKET_ADDRESS_ABSTRACT);
- else
- address = g_unix_socket_address_new (s->str);
+ address = g_unix_socket_address_new (s->str);
g_string_free (s, TRUE);
local_error = NULL;
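Review bot: The now-unconditional `address = g_unix_socket_address_new (s->str);` has no comment, so nothing at the call site records that the abstract namespace is avoided on purpose, and a later cleanup could reintroduce the removed "prefer abstract" branch. I would put `/* Deliberately not abstract: abstract sockets live in the network namespace, so mount-namespace sandboxes cannot restrict access to them. */` directly above the call. With this change a `tmpdir=` address always creates a filesystem node, so who can connect depends on the permissions of the directory and the socket file, and the node has to be unlinked when the server stops. Whether the existing handling for path-based addresses covers the `tmpdir=` case is not visible here, because `try_unix` begins and ends outside the hunk, so that is worth confirming.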