f799bfd9f2
This re-enables a workaround which upstream recently disabled for security reasons, but which is still currently needed for gnome-keyring to function properly during gnome-initial-setup. This should fix several bugs that were all consequences of gnome-keyring not working correctly: https://bugzilla.redhat.com/show_bug.cgi?id=2004565 https://bugzilla.redhat.com/show_bug.cgi?id=2005625 https://bugzilla.redhat.com/show_bug.cgi?id=2006314
62 lines
2.2 KiB
Diff
62 lines
2.2 KiB
Diff
From d7dcec0e801fb1b78cc4e77b1a9d3b7998291c68 Mon Sep 17 00:00:00 2001
|
|
From: Adam Williamson <awilliam@redhat.com>
|
|
Date: Tue, 21 Sep 2021 12:09:06 -0700
|
|
Subject: [PATCH] Re-do "gdbus: Use DBUS_SESSION_BUS_ADDRESS if AT_SECURE but
|
|
not setuid""
|
|
|
|
This reverts commit 0f9c7ed0219cc182a183ba78245f3b461fd664e6,
|
|
which reverted commit 7aa0580cc559148e0f4646461a42102bd98228b6,
|
|
so we go back to allowing this workaround. gnome-keyring still
|
|
needs it to work correctly during gnome-initial-setup on Fedora,
|
|
and when it doesn't work correctly, there are several major
|
|
consequences:
|
|
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=2004565
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=2005625
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=2006314
|
|
---
|
|
gio/gdbusaddress.c | 26 ++++++++++++++++++++++++--
|
|
1 file changed, 24 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/gio/gdbusaddress.c b/gio/gdbusaddress.c
|
|
index 48c766682..f873be282 100644
|
|
--- a/gio/gdbusaddress.c
|
|
+++ b/gio/gdbusaddress.c
|
|
@@ -1343,9 +1343,31 @@ g_dbus_address_get_for_bus_sync (GBusType bus_type,
|
|
|
|
case G_BUS_TYPE_SESSION:
|
|
if (has_elevated_privileges)
|
|
- ret = NULL;
|
|
+ {
|
|
+#ifdef G_OS_UNIX
|
|
+ if (geteuid () == getuid ())
|
|
+ {
|
|
+ /* Ideally we shouldn't do this, because setgid and
|
|
+ * filesystem capabilities are also elevated privileges
|
|
+ * with which we should not be trusting environment variables
|
|
+ * from the caller. Unfortunately, there are programs with
|
|
+ * elevated privileges that rely on the session bus being
|
|
+ * available. We already prevent the really dangerous
|
|
+ * transports like autolaunch: and unixexec: when our
|
|
+ * privileges are elevated, so this can only make us connect
|
|
+ * to the wrong AF_UNIX or TCP socket. */
|
|
+ ret = g_strdup (g_getenv ("DBUS_SESSION_BUS_ADDRESS"));
|
|
+ }
|
|
+ else
|
|
+#endif
|
|
+ {
|
|
+ ret = NULL;
|
|
+ }
|
|
+ }
|
|
else
|
|
- ret = g_strdup (g_getenv ("DBUS_SESSION_BUS_ADDRESS"));
|
|
+ {
|
|
+ ret = g_strdup (g_getenv ("DBUS_SESSION_BUS_ADDRESS"));
|
|
+ }
|
|
|
|
if (ret == NULL)
|
|
{
|
|
--
|
|
2.32.0
|
|
|