[gnome-session/benzea/systemd-issue-36] autostart-app: Strip blacklisted variables from autostart environment

From: Benjamin Berg <bberg src gnome org>
To: commits-list gnome org
Cc:
Subject: [gnome-session/benzea/systemd-issue-36] autostart-app: Strip blacklisted variables from autostart environment
Date: Tue, 8 Oct 2019 10:44:05 +0000 (UTC)

commit 60e619b8a2cacc7b844fe6f0e206c895de68f890
Author: Benjamin Berg <bberg redhat com>
Date:   Mon Oct 7 22:47:24 2019 +0200

    autostart-app: Strip blacklisted variables from autostart environment
    
    So far the blacklisted variables were not actively striped from the
    environment of XDG autostart applications. Update the code to explicitly
    unset the variables, preventing e.g. NOTIFY_SOCKET to be leaked to
    children.
    
    Fixes: #36

 gnome-session/gsm-autostart-app.c | 5 +++++
 gnome-session/gsm-util.c          | 6 ++++++
 gnome-session/gsm-util.h          | 1 +
 3 files changed, 12 insertions(+)
---
diff --git a/gnome-session/gsm-autostart-app.c b/gnome-session/gsm-autostart-app.c
index 01ba5f9a..6fd5915a 100644
--- a/gnome-session/gsm-autostart-app.c
+++ b/gnome-session/gsm-autostart-app.c
@@ -997,6 +997,7 @@ autostart_app_start_spawn (GsmAutostartApp *app,
         gboolean         success;
         GError          *local_error;
         const char      *startup_id;
+        const char * const *variable_blacklist;
         const char * const *child_environment;
         int i;
         GAppLaunchContext *ctx;
@@ -1013,6 +1014,10 @@ autostart_app_start_spawn (GsmAutostartApp *app,
         local_error = NULL;
         ctx = g_app_launch_context_new ();
 
+        variable_blacklist = gsm_util_get_variable_blacklist ();
+        for (i = 0; variable_blacklist[i] != NULL; i++)
+                g_app_launch_context_unsetenv (ctx, variable_blacklist[i]);
+
         child_environment = gsm_util_listenv ();
         for (i = 0; child_environment[i] != NULL; i++) {
                 char **environment_tuple;
diff --git a/gnome-session/gsm-util.c b/gnome-session/gsm-util.c
index ada12253..02bc4a57 100644
--- a/gnome-session/gsm-util.c
+++ b/gnome-session/gsm-util.c
@@ -808,3 +808,9 @@ gsm_util_listenv (void)
         return (const char * const *) child_environment;
 
 }
+
+const char * const *
+gsm_util_get_variable_blacklist (void)
+{
+        return variable_blacklist;
+}
diff --git a/gnome-session/gsm-util.h b/gnome-session/gsm-util.h
index 8bca5f4d..bd7b6986 100644
--- a/gnome-session/gsm-util.h
+++ b/gnome-session/gsm-util.h
@@ -50,6 +50,7 @@ char *      gsm_util_generate_startup_id            (void);
 void        gsm_util_setenv                         (const char *variable,
                                                      const char *value);
 const char * const * gsm_util_listenv               (void);
+const char * const * gsm_util_get_variable_blacklist(void);
 
 gboolean    gsm_util_export_activation_environment  (GError     **error);
 #ifdef HAVE_SYSTEMD

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]