[glib: 4/6] gresource: Ignore G_RESOURCE_OVERLAYS when running as setuid

From: Philip Withnall <pwithnall src gnome org>
To: commits-list gnome org
Cc:
Subject: [glib: 4/6] gresource: Ignore G_RESOURCE_OVERLAYS when running as setuid
Date: Thu, 7 Jan 2021 15:15:48 +0000 (UTC)


commit e2b5094cdb606c9f8ad6616830ebb71da5e5af96
Author: Philip Withnall <pwithnall endlessos org>
Date:   Fri Dec 4 23:40:12 2020 +0000

    gresource: Ignore G_RESOURCE_OVERLAYS when running as setuid
    
    It could have been used to load private data which would not normally be
    accessible to an unprivileged caller.
    
    Signed-off-by: Philip Withnall <pwithnall endlessos org>
    
    Helps: #2168

 gio/gresource.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
---
diff --git a/gio/gresource.c b/gio/gresource.c
index d9ce6f0cc..53933f9d2 100644
--- a/gio/gresource.c
+++ b/gio/gresource.c
@@ -32,6 +32,8 @@
 #include <gio/gzlibdecompressor.h>
 #include <gio/gconverterinputstream.h>
 
+#include "glib-private.h"
+
 struct _GResource
 {
   int ref_count;
@@ -163,7 +165,7 @@ G_DEFINE_BOXED_TYPE (GResource, g_resource, g_resource_ref, g_resource_unref)
  * replace resources in the program or library, without recompiling, for debugging or quick hacking and 
testing
  * purposes. Since GLib 2.50, it is possible to use the `G_RESOURCE_OVERLAYS` environment variable to 
selectively overlay
  * resources with replacements from the filesystem.  It is a %G_SEARCHPATH_SEPARATOR-separated list of 
substitutions to perform
- * during resource lookups.
+ * during resource lookups. It is ignored when running in a setuid process.
  *
  * A substitution has the form
  *
@@ -334,10 +336,13 @@ g_resource_find_overlay (const gchar    *path,
 
   if (g_once_init_enter (&overlay_dirs))
     {
+      gboolean is_setuid = GLIB_PRIVATE_CALL (g_check_setuid) ();
       const gchar * const *result;
       const gchar *envvar;
 
-      envvar = g_getenv ("G_RESOURCE_OVERLAYS");
+      /* Don’t load overlays if setuid, as they could allow reading privileged
+       * files. */
+      envvar = !is_setuid ? g_getenv ("G_RESOURCE_OVERLAYS") : NULL;
       if (envvar != NULL)
         {
           gchar **parts;

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]