[glib: 5/6] gsettingsschema: Ignore GSETTINGS_SCHEMA_DIR when running setuid

From: Philip Withnall <pwithnall src gnome org>
To: commits-list gnome org
Cc:
Subject: [glib: 5/6] gsettingsschema: Ignore GSETTINGS_SCHEMA_DIR when running setuid
Date: Thu, 7 Jan 2021 15:15:48 +0000 (UTC)


commit 793f824a2e37496744f0138981ee2771a490c7af
Author: Philip Withnall <pwithnall endlessos org>
Date:   Fri Dec 4 23:42:15 2020 +0000

    gsettingsschema: Ignore GSETTINGS_SCHEMA_DIR when running setuid
    
    As with previous commits, this could have been used to load private data
    for an unprivileged caller.
    
    Signed-off-by: Philip Withnall <pwithnall endlessos org>
    
    Helps: #2168

 gio/gsettingsschema.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
---
diff --git a/gio/gsettingsschema.c b/gio/gsettingsschema.c
index cbc3fad27..26b9a65ad 100644
--- a/gio/gsettingsschema.c
+++ b/gio/gsettingsschema.c
@@ -18,6 +18,7 @@
 
 #include "config.h"
 
+#include "glib-private.h"
 #include "gsettingsschema-internal.h"
 #include "gsettings.h"
 
@@ -343,6 +344,7 @@ initialise_schema_sources (void)
    */
   if G_UNLIKELY (g_once_init_enter (&initialised))
     {
+      gboolean is_setuid = GLIB_PRIVATE_CALL (g_check_setuid) ();
       const gchar * const *dirs;
       const gchar *path;
       gchar **extra_schema_dirs;
@@ -357,7 +359,9 @@ initialise_schema_sources (void)
 
       try_prepend_data_dir (g_get_user_data_dir ());
 
-      if ((path = g_getenv ("GSETTINGS_SCHEMA_DIR")) != NULL)
+      /* Disallow loading extra schemas if running as setuid, as that could
+       * allow reading privileged files. */
+      if (!is_setuid && (path = g_getenv ("GSETTINGS_SCHEMA_DIR")) != NULL)
         {
           extra_schema_dirs = g_strsplit (path, G_SEARCHPATH_SEPARATOR_S, 0);
           for (i = 0; extra_schema_dirs[i]; i++);

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]