From d7dcec0e801fb1b78cc4e77b1a9d3b7998291c68 Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Tue, 21 Sep 2021 12:09:06 -0700 Subject: [PATCH] Re-do "gdbus: Use DBUS_SESSION_BUS_ADDRESS if AT_SECURE but not setuid"" This reverts commit 0f9c7ed0219cc182a183ba78245f3b461fd664e6, which reverted commit 7aa0580cc559148e0f4646461a42102bd98228b6, so we go back to allowing this workaround. gnome-keyring still needs it to work correctly during gnome-initial-setup on Fedora, and when it doesn't work correctly, there are several major consequences: https://bugzilla.redhat.com/show_bug.cgi?id=2004565 https://bugzilla.redhat.com/show_bug.cgi?id=2005625 https://bugzilla.redhat.com/show_bug.cgi?id=2006314 --- gio/gdbusaddress.c | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/gio/gdbusaddress.c b/gio/gdbusaddress.c index 48c766682..f873be282 100644 --- a/gio/gdbusaddress.c +++ b/gio/gdbusaddress.c @@ -1343,9 +1343,31 @@ g_dbus_address_get_for_bus_sync (GBusType bus_type, case G_BUS_TYPE_SESSION: if (has_elevated_privileges) - ret = NULL; + { +#ifdef G_OS_UNIX + if (geteuid () == getuid ()) + { + /* Ideally we shouldn't do this, because setgid and + * filesystem capabilities are also elevated privileges + * with which we should not be trusting environment variables + * from the caller. Unfortunately, there are programs with + * elevated privileges that rely on the session bus being + * available. We already prevent the really dangerous + * transports like autolaunch: and unixexec: when our + * privileges are elevated, so this can only make us connect + * to the wrong AF_UNIX or TCP socket. */ + ret = g_strdup (g_getenv ("DBUS_SESSION_BUS_ADDRESS")); + } + else +#endif + { + ret = NULL; + } + } else - ret = g_strdup (g_getenv ("DBUS_SESSION_BUS_ADDRESS")); + { + ret = g_strdup (g_getenv ("DBUS_SESSION_BUS_ADDRESS")); + } if (ret == NULL) { -- 2.32.0