diff options
| author | Philip Withnall <pwithnall@endlessos.org> | 2020-12-04 23:36:05 +0000 |
|---|---|---|
| committer | Philip Withnall <pwithnall@endlessos.org> | 2021-01-07 15:02:25 +0000 |
| commit | dba585d020970fc3e48ad461105a267ecaf4d0f4 (patch) | |
| tree | 7bbc0b69d9240b4f0d4c37b0cfb5829bc6bc2907 /gio/gdbusaddress.c | |
| parent | ba414ee1008eac9a27b6a5ecf137a29ff147ccf8 (diff) | |
| download | glib-dba585d020970fc3e48ad461105a267ecaf4d0f4.tar.gz | |
gdbusaddress: Ignore D-Bus addresses from the environment when setuid
As with the previous commit, it’s unsafe to trust the environment when
running as setuid, as it comes from an untrusted caller. In particular,
with D-Bus, the caller could set up a fake ‘system’ bus which fed
incorrect data to this process.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #2168
Diffstat (limited to 'gio/gdbusaddress.c')
| -rw-r--r-- | gio/gdbusaddress.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/gio/gdbusaddress.c b/gio/gdbusaddress.c index 26d52ea36..d26c4d25f 100644 --- a/gio/gdbusaddress.c +++ b/gio/gdbusaddress.c @@ -30,6 +30,7 @@ #include "gdbusaddress.h" #include "gdbuserror.h" #include "gioenumtypes.h" +#include "glib-private.h" #include "gnetworkaddress.h" #include "gsocketclient.h" #include "giostream.h" @@ -1285,6 +1286,7 @@ g_dbus_address_get_for_bus_sync (GBusType bus_type, GCancellable *cancellable, GError **error) { + gboolean is_setuid = GLIB_PRIVATE_CALL (g_check_setuid) (); gchar *ret, *s = NULL; const gchar *starter_bus; GError *local_error; @@ -1323,10 +1325,12 @@ g_dbus_address_get_for_bus_sync (GBusType bus_type, _g_dbus_debug_print_unlock (); } + /* Don’t load the addresses from the environment if running as setuid, as they + * come from an unprivileged caller. */ switch (bus_type) { case G_BUS_TYPE_SYSTEM: - ret = g_strdup (g_getenv ("DBUS_SYSTEM_BUS_ADDRESS")); + ret = !is_setuid ? g_strdup (g_getenv ("DBUS_SYSTEM_BUS_ADDRESS")) : NULL; if (ret == NULL) { ret = g_strdup ("unix:path=/var/run/dbus/system_bus_socket"); @@ -1334,7 +1338,7 @@ g_dbus_address_get_for_bus_sync (GBusType bus_type, break; case G_BUS_TYPE_SESSION: - ret = g_strdup (g_getenv ("DBUS_SESSION_BUS_ADDRESS")); + ret = !is_setuid ? g_strdup (g_getenv ("DBUS_SESSION_BUS_ADDRESS")) : NULL; if (ret == NULL) { ret = get_session_address_platform_specific (&local_error); |