[glib: 2/6] gdbusaddress: Ignore D-Bus addresses from the environment when setuid




commit dba585d020970fc3e48ad461105a267ecaf4d0f4
Author: Philip Withnall <pwithnall endlessos org>
Date:   Fri Dec 4 23:36:05 2020 +0000

    gdbusaddress: Ignore D-Bus addresses from the environment when setuid
    
    As with the previous commit, it’s unsafe to trust the environment when
    running as setuid, as it comes from an untrusted caller. In particular,
    with D-Bus, the caller could set up a fake ‘system’ bus which fed
    incorrect data to this process.
    
    Signed-off-by: Philip Withnall <pwithnall endlessos org>
    
    Helps: #2168

 gio/gdbusaddress.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
---
diff --git a/gio/gdbusaddress.c b/gio/gdbusaddress.c
index 26d52ea36..d26c4d25f 100644
--- a/gio/gdbusaddress.c
+++ b/gio/gdbusaddress.c
@@ -30,6 +30,7 @@
 #include "gdbusaddress.h"
 #include "gdbuserror.h"
 #include "gioenumtypes.h"
+#include "glib-private.h"
 #include "gnetworkaddress.h"
 #include "gsocketclient.h"
 #include "giostream.h"
@@ -1285,6 +1286,7 @@ g_dbus_address_get_for_bus_sync (GBusType       bus_type,
                                  GCancellable  *cancellable,
                                  GError       **error)
 {
+  gboolean is_setuid = GLIB_PRIVATE_CALL (g_check_setuid) ();
   gchar *ret, *s = NULL;
   const gchar *starter_bus;
   GError *local_error;
@@ -1323,10 +1325,12 @@ g_dbus_address_get_for_bus_sync (GBusType       bus_type,
       _g_dbus_debug_print_unlock ();
     }
 
+  /* Don’t load the addresses from the environment if running as setuid, as they
+   * come from an unprivileged caller. */
   switch (bus_type)
     {
     case G_BUS_TYPE_SYSTEM:
-      ret = g_strdup (g_getenv ("DBUS_SYSTEM_BUS_ADDRESS"));
+      ret = !is_setuid ? g_strdup (g_getenv ("DBUS_SYSTEM_BUS_ADDRESS")) : NULL;
       if (ret == NULL)
         {
           ret = g_strdup ("unix:path=/var/run/dbus/system_bus_socket");
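Review bot: The new comment above the `switch` reads as if every case is covered, but only the `G_BUS_TYPE_SYSTEM` and `G_BUS_TYPE_SESSION` lookups are guarded in the visible hunks. The `starter_bus` local declared at the top of the function suggests the starter case also takes its choice from the environment. That case lies outside these hunks, so this is an inference. If it only selects between the two guarded cases the exposure is limited, but the comment should say so, e.g. `/* The starter case only chooses between the system and session cases, which apply the setuid check themselves. */`, or the case should be guarded with `is_setuid` as well. The function body continues outside the hunk.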
@@ -1334,7 +1338,7 @@ g_dbus_address_get_for_bus_sync (GBusType       bus_type,
       break;
 
     case G_BUS_TYPE_SESSION:
-      ret = g_strdup (g_getenv ("DBUS_SESSION_BUS_ADDRESS"));
+      ret = !is_setuid ? g_strdup (g_getenv ("DBUS_SESSION_BUS_ADDRESS")) : NULL;
       if (ret == NULL)
         {
           ret = get_session_address_platform_specific (&local_error);
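Review bot: Under setuid the session case now always reaches `get_session_address_platform_specific (&local_error)`, and nothing in this hunk shows whether that fallback is itself independent of caller-controlled state. Its body is not visible here. If it derives the address from environment-dependent paths or starts a helper process, the setuid case needs the same treatment there, or the session case should return an error when `is_setuid` is true. A smaller readability point on the same line: `is_setuid ? NULL : g_strdup (g_getenv ("DBUS_SESSION_BUS_ADDRESS"))` avoids the negated condition, and the same applies to the system case.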

