[gnome-session/benzea/systemd-issue-36] autostart-app: Strip blacklisted variables from autostart environment

From: Benjamin Berg <bberg src gnome org>
To: commits-list gnome org
Cc:
Subject: [gnome-session/benzea/systemd-issue-36] autostart-app: Strip blacklisted variables from autostart environment
Date: Mon, 7 Oct 2019 20:53:20 +0000 (UTC)

commit b9bcddd6f2c7c5276dcf3710abc1f8c01f657312
Author: Benjamin Berg <bberg redhat com>
Date:   Mon Oct 7 22:47:24 2019 +0200

    autostart-app: Strip blacklisted variables from autostart environment
    
    So far the blacklisted variables were not actively striped from the
    environment of XDG autostart applications. Update the code to explicitly
    unset the variables, preventing e.g. NOTIFY_SOCKET to be leaked to
    children.

 gnome-session/gsm-autostart-app.c | 5 +++++
 gnome-session/gsm-util.c          | 8 ++++----
 gnome-session/gsm-util.h          | 2 ++
 3 files changed, 11 insertions(+), 4 deletions(-)
---
diff --git a/gnome-session/gsm-autostart-app.c b/gnome-session/gsm-autostart-app.c
index 01ba5f9a..c263b7f5 100644
--- a/gnome-session/gsm-autostart-app.c
+++ b/gnome-session/gsm-autostart-app.c
@@ -1013,6 +1013,11 @@ autostart_app_start_spawn (GsmAutostartApp *app,
         local_error = NULL;
         ctx = g_app_launch_context_new ();
 
+        /* Unset all environment variables; everything relevant will be
+         * returned by gsm_util_listenv. */
+        for (i = 0; gsm_variable_blacklist[i] != NULL; i++)
+                g_app_launch_context_unsetenv (ctx, gsm_variable_blacklist[i]);
+
         child_environment = gsm_util_listenv ();
         for (i = 0; child_environment[i] != NULL; i++) {
                 char **environment_tuple;
diff --git a/gnome-session/gsm-util.c b/gnome-session/gsm-util.c
index ada12253..29bf51e0 100644
--- a/gnome-session/gsm-util.c
+++ b/gnome-session/gsm-util.c
@@ -41,7 +41,7 @@ static gchar **child_environment;
  * (e.g. XDG_VTNR), others because they simply must never be passed on
  * (NOTIFY_SOCKET).
  */
-static const char * const variable_blacklist[] = {
+const char * const gsm_variable_blacklist[] = {
     "NOTIFY_SOCKET",
     "XDG_SEAT",
     "XDG_SESSION_ID",
@@ -564,7 +564,7 @@ gsm_util_export_activation_environment (GError     **error)
                 const char *entry_name = entry_names[i];
                 const char *entry_value = g_getenv (entry_name);
 
-                if (g_strv_contains (variable_blacklist, entry_name))
+                if (g_strv_contains (gsm_variable_blacklist, entry_name))
                     continue;
 
                 if (!g_utf8_validate (entry_name, -1, NULL))
@@ -640,8 +640,8 @@ gsm_util_export_user_environment (GError     **error)
 
         entries = g_get_environ ();
 
-        for (i = 0; variable_blacklist[i] != NULL; i++)
-                entries = g_environ_unsetenv (entries, variable_blacklist[i]);
+        for (i = 0; gsm_variable_blacklist[i] != NULL; i++)
+                entries = g_environ_unsetenv (entries, gsm_variable_blacklist[i]);
 
         g_variant_builder_init (&builder, G_VARIANT_TYPE ("(asas)"));
 
diff --git a/gnome-session/gsm-util.h b/gnome-session/gsm-util.h
index 8bca5f4d..aad9e451 100644
--- a/gnome-session/gsm-util.h
+++ b/gnome-session/gsm-util.h
@@ -61,6 +61,8 @@ gboolean    gsm_util_start_systemd_unit             (const char  *unit,
 
 void        gsm_quit                                (void);
 
+extern const char * const gsm_variable_blacklist[];
+
 G_END_DECLS
 
 #endif /* __GSM_UTIL_H__ */

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]