[glib: 1/2] Revert "gdbus: Use DBUS_SESSION_BUS_ADDRESS if AT_SECURE but not setuid"

From: Philip Withnall <pwithnall src gnome org>
To: commits-list gnome org
Cc:
Subject: [glib: 1/2] Revert "gdbus: Use DBUS_SESSION_BUS_ADDRESS if AT_SECURE but not setuid"
Date: Thu, 19 Aug 2021 09:37:27 +0000 (UTC)


commit 0f9c7ed0219cc182a183ba78245f3b461fd664e6
Author: Philip Withnall <pwithnall endlessos org>
Date:   Wed Aug 4 16:16:16 2021 +0100

    Revert "gdbus: Use DBUS_SESSION_BUS_ADDRESS if AT_SECURE but not setuid"
    
    This reverts commit 7aa0580cc559148e0f4646461a42102bd98228b6.
    
    As stated in #2316, that commit was a workaround to allow gnome-keyring
    and msmtp to continue to get their session bus address from
    `DBUS_SESSION_BUS_ADDRESS`, even though they’re `AT_SECURE`. The timeout
    on that workaround has expired so that commit is now being reverted.
    
    Fixes: #2316

 gio/gdbusaddress.c | 26 ++------------------------
 1 file changed, 2 insertions(+), 24 deletions(-)
---
diff --git a/gio/gdbusaddress.c b/gio/gdbusaddress.c
index f873be282..48c766682 100644
--- a/gio/gdbusaddress.c
+++ b/gio/gdbusaddress.c
@@ -1343,31 +1343,9 @@ g_dbus_address_get_for_bus_sync (GBusType       bus_type,
 
     case G_BUS_TYPE_SESSION:
       if (has_elevated_privileges)
-        {
-#ifdef G_OS_UNIX
-          if (geteuid () == getuid ())
-            {
-              /* Ideally we shouldn't do this, because setgid and
-               * filesystem capabilities are also elevated privileges
-               * with which we should not be trusting environment variables
-               * from the caller. Unfortunately, there are programs with
-               * elevated privileges that rely on the session bus being
-               * available. We already prevent the really dangerous
-               * transports like autolaunch: and unixexec: when our
-               * privileges are elevated, so this can only make us connect
-               * to the wrong AF_UNIX or TCP socket. */
-              ret = g_strdup (g_getenv ("DBUS_SESSION_BUS_ADDRESS"));
-            }
-          else
-#endif
-            {
-              ret = NULL;
-            }
-        }
+        ret = NULL;
       else
-        {
-          ret = g_strdup (g_getenv ("DBUS_SESSION_BUS_ADDRESS"));
-        }
+        ret = g_strdup (g_getenv ("DBUS_SESSION_BUS_ADDRESS"));
 
       if (ret == NULL)
         {

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]