[glib/glib-2-66: 2/6] gdbusaddress: Ignore D-Bus addresses from the environment when setuid

From: Sebastian Dröge <sdroege src gnome org>
To: commits-list gnome org
Cc:
Subject: [glib/glib-2-66: 2/6] gdbusaddress: Ignore D-Bus addresses from the environment when setuid
Date: Fri, 8 Jan 2021 09:10:16 +0000 (UTC)


commit b52da3d25939258aca98741a5d8aecb0d69f1689
Author: Philip Withnall <pwithnall endlessos org>
Date:   Fri Dec 4 23:36:05 2020 +0000

    gdbusaddress: Ignore D-Bus addresses from the environment when setuid
    
    As with the previous commit, it’s unsafe to trust the environment when
    running as setuid, as it comes from an untrusted caller. In particular,
    with D-Bus, the caller could set up a fake ‘system’ bus which fed
    incorrect data to this process.
    
    Signed-off-by: Philip Withnall <pwithnall endlessos org>
    
    Helps: #2168

 gio/gdbusaddress.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
---
diff --git a/gio/gdbusaddress.c b/gio/gdbusaddress.c
index 3dd3cc84b..4ec81efb2 100644
--- a/gio/gdbusaddress.c
+++ b/gio/gdbusaddress.c
@@ -30,6 +30,7 @@
 #include "gdbusaddress.h"
 #include "gdbuserror.h"
 #include "gioenumtypes.h"
+#include "glib-private.h"
 #include "gnetworkaddress.h"
 #include "gsocketclient.h"
 #include "giostream.h"
@@ -1279,6 +1280,7 @@ g_dbus_address_get_for_bus_sync (GBusType       bus_type,
                                  GCancellable  *cancellable,
                                  GError       **error)
 {
+  gboolean is_setuid = GLIB_PRIVATE_CALL (g_check_setuid) ();
   gchar *ret, *s = NULL;
   const gchar *starter_bus;
   GError *local_error;
@@ -1317,10 +1319,12 @@ g_dbus_address_get_for_bus_sync (GBusType       bus_type,
       _g_dbus_debug_print_unlock ();
     }
 
+  /* Don’t load the addresses from the environment if running as setuid, as they
+   * come from an unprivileged caller. */
   switch (bus_type)
     {
     case G_BUS_TYPE_SYSTEM:
-      ret = g_strdup (g_getenv ("DBUS_SYSTEM_BUS_ADDRESS"));
+      ret = !is_setuid ? g_strdup (g_getenv ("DBUS_SYSTEM_BUS_ADDRESS")) : NULL;
       if (ret == NULL)
         {
           ret = g_strdup ("unix:path=/var/run/dbus/system_bus_socket");
@@ -1328,7 +1332,7 @@ g_dbus_address_get_for_bus_sync (GBusType       bus_type,
       break;
 
     case G_BUS_TYPE_SESSION:
-      ret = g_strdup (g_getenv ("DBUS_SESSION_BUS_ADDRESS"));
+      ret = !is_setuid ? g_strdup (g_getenv ("DBUS_SESSION_BUS_ADDRESS")) : NULL;
       if (ret == NULL)
         {
           ret = get_session_address_platform_specific (&local_error);

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]