Cherrypick from trunk

3 files changed, 13 insertions, 2 deletions

diff --git a/NEWS b/NEWS
index 7c49d379..40c070bc 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,7 @@
+Overview of changes in lightdm 1.0.7
+
+    * Drop privileges when reading ~/.dmrc
+
 Overview of changes in lightdm 1.0.6
 
     * Use lchown for correcting ownership of ~/.Xauthority instead of chown
diff --git a/configure.ac b/configure.ac
index a22a9057..dc6a7b3d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,6 +1,6 @@
 dnl Process this file with autoconf to produce a configure script.
 
-AC_INIT(lightdm, 1.0.6)
+AC_INIT(lightdm, 1.0.7~bzr)
 AC_CONFIG_MACRO_DIR(m4)
 AC_CONFIG_HEADER(config.h)
 AM_INIT_AUTOMAKE
diff --git a/src/dmrc.c b/src/dmrc.c
index 41ac63bb..da8b5126 100644
--- a/src/dmrc.c
+++ b/src/dmrc.c
@@ -24,7 +24,7 @@ dmrc_load (const gchar *username)
     User *user;
     GKeyFile *dmrc_file;
     gchar *path;
-    gboolean have_dmrc;
+    gboolean have_dmrc, drop_privileges;
 
     dmrc_file = g_key_file_new ();
 
@@ -38,7 +38,14 @@ dmrc_load (const gchar *username)
     /* Load from the user directory, if this fails (e.g. the user directory
      * is not yet mounted) then load from the cache */
     path = g_build_filename (user_get_home_directory (user), ".dmrc", NULL);
+
+    /* Guard against privilege escalation through symlinks, etc. */
+    drop_privileges = geteuid () == 0;
+    if (drop_privileges)
+        privileges_drop (user);
     have_dmrc = g_key_file_load_from_file (dmrc_file, path, G_KEY_FILE_KEEP_COMMENTS, NULL);
+    if (drop_privileges)
+        privileges_reclaim ();
     g_free (path);
 
     /* If no ~/.dmrc, then load from the cache */