From a52319bc294d05445fd8aa8f4a7f759c34558b5d Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Wed, 22 Aug 2012 10:03:34 -0400 Subject: [PATCH 01/13] CVE-2012-3524: Don't access environment variables or run dbus-launch when setuid This matches a corresponding change in GLib. See glib/gutils.c:g_check_setuid(). Some programs attempt to use libdbus when setuid; notably the X.org server is shipped in such a configuration. libdbus never had an explicit policy about its use in setuid programs. I'm not sure whether we should advertise such support. However, given that there are real-world programs that do this currently, we can make them safer with not too much effort. Better to fix a problem caused by an interaction between two components in *both* places if possible. How to determine whether or not we're running in a privilege-escalated path is operating system specific. Note that GTK+'s code to check euid versus uid worked historically on Unix, more modern systems have filesystem capabilities and SELinux domain transitions, neither of which are captured by the uid comparison. On Linux/glibc, the way this works is that the kernel sets an AT_SECURE flag in the ELF auxiliary vector, and glibc looks for it on startup. If found, then glibc sets a public-but-undocumented __libc_enable_secure variable which we can use. Unfortunately, while it *previously* worked to check this variable, a combination of newer binutils and RPM break it: http://www.openwall.com/lists/owl-dev/2012/08/14/1 So for now on Linux/glibc, we fall back to the historical Unix version until we get glibc fixed. On some BSD variants, there is a issetugid() function. On other Unix variants, we fall back to what GTK+ has been doing. Reported-by: Sebastian Krahmer 
Signed-off-by: Colin Walters --- configure.ac | 2 +- dbus/dbus-keyring.c | 7 ++++ dbus/dbus-sysdeps-unix.c | 74 ++++++++++++++++++++++++++++++++++++++++ dbus/dbus-sysdeps-win.c | 6 ++++ dbus/dbus-sysdeps.c | 5 +++ dbus/dbus-sysdeps.h | 1 + 6 files changed, 94 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 2e34f565..df909856 100644 --- a/configure.ac +++ b/configure.ac @@ -596,7 +596,7 @@ AC_DEFINE_UNQUOTED([DBUS_USE_SYNC], [$have_sync], [Use the gcc __sync extension] AC_SEARCH_LIBS(socket,[socket network]) AC_CHECK_FUNC(gethostbyname,,[AC_CHECK_LIB(nsl,gethostbyname)]) -AC_CHECK_FUNCS(vsnprintf vasprintf nanosleep usleep setenv clearenv unsetenv socketpair getgrouplist fpathconf setrlimit poll setlocale localeconv strtoll strtoull) +AC_CHECK_FUNCS(vsnprintf vasprintf nanosleep usleep setenv clearenv unsetenv socketpair getgrouplist fpathconf setrlimit poll setlocale localeconv strtoll strtoull issetugid getresuid) AC_CHECK_HEADERS([syslog.h]) if test "x$ac_cv_header_syslog_h" = "xyes"; then diff --git a/dbus/dbus-keyring.c b/dbus/dbus-keyring.c index 23b9df5a..3b9ce315 100644 --- a/dbus/dbus-keyring.c +++ b/dbus/dbus-keyring.c @@ -717,6 +717,13 @@ _dbus_keyring_new_for_credentials (DBusCredentials *credentials, DBusCredentials *our_credentials; _DBUS_ASSERT_ERROR_IS_CLEAR (error); + + if (_dbus_check_setuid ()) + { + dbus_set_error_const (error, DBUS_ERROR_NOT_SUPPORTED, + "Unable to create DBus keyring when setuid"); + return NULL; + } keyring = NULL; error_set = FALSE; diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c index cef8bd31..b4ecc96e 100644 --- a/dbus/dbus-sysdeps-unix.c +++ b/dbus/dbus-sysdeps-unix.c @@ -3434,6 +3434,13 @@ _dbus_get_autolaunch_address (const char *scope, DBusString uuid; dbus_bool_t retval; + if (_dbus_check_setuid ()) + { + dbus_set_error_const (error, DBUS_ERROR_NOT_SUPPORTED, + "Unable to autolaunch when setuid"); + return FALSE; + } + _DBUS_ASSERT_ERROR_IS_CLEAR (error); retval = FALSE; 
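Review bot: In `_dbus_get_autolaunch_address` the setuid guard is placed before `_DBUS_ASSERT_ERROR_IS_CLEAR (error)`, so on the setuid path `dbus_set_error_const` runs on an error that was never asserted clear. The other guards this patch adds, in dbus-keyring.c and in `_dbus_lookup_launchd_socket`, sit after the assertion. Moving `_DBUS_ASSERT_ERROR_IS_CLEAR (error);` ahead of the `if (_dbus_check_setuid ())` block would make the three guards consistent. The `PATH` check that patch 04 later adds above this guard has the same ordering. The function body continues outside the hunk.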
@@ -3551,6 +3558,13 @@ _dbus_lookup_launchd_socket (DBusString *socket_path, _DBUS_ASSERT_ERROR_IS_CLEAR (error); + if (_dbus_check_setuid ()) + { + dbus_set_error_const (error, DBUS_ERROR_NOT_SUPPORTED, + "Unable to find launchd socket when setuid"); + return FALSE; + } + i = 0; argv[i] = "launchctl"; ++i; @@ -3591,6 +3605,13 @@ _dbus_lookup_session_address_launchd (DBusString *address, DBusError *error) dbus_bool_t valid_socket; DBusString socket_path; + if (_dbus_check_setuid ()) + { + dbus_set_error_const (error, DBUS_ERROR_NOT_SUPPORTED, + "Unable to find launchd socket when setuid"); + return FALSE; + } + if (!_dbus_string_init (&socket_path)) { _DBUS_SET_OOM (error); 
@@ -4086,4 +4107,57 @@ _dbus_close_all (void) close (i); } +/** + * **NOTE**: If you modify this function, please also consider making + * the corresponding change in GLib. See + * glib/gutils.c:g_check_setuid(). + * + * Returns TRUE if the current process was executed as setuid (or an + * equivalent __libc_enable_secure is available). See: + * http://osdir.com/ml/linux.lfs.hardened/2007-04/msg00032.html + */ +dbus_bool_t +_dbus_check_setuid (void) +{ + /* TODO: get __libc_enable_secure exported from glibc. + * See http://www.openwall.com/lists/owl-dev/2012/08/14/1 + */ +#if 0 && defined(HAVE_LIBC_ENABLE_SECURE) + { + /* See glibc/include/unistd.h */ + extern int __libc_enable_secure; + return __libc_enable_secure; + } +#elif defined(HAVE_ISSETUGID) + /* BSD: http://www.freebsd.org/cgi/man.cgi?query=issetugid&sektion=2 */ + return issetugid (); +#else + uid_t ruid, euid, suid; /* Real, effective and saved user ID's */ + gid_t rgid, egid, sgid; /* Real, effective and saved group ID's */ + + static dbus_bool_t check_setuid_initialised; + static dbus_bool_t is_setuid; + + if (_DBUS_UNLIKELY (!check_setuid_initialised)) + { +#ifdef HAVE_GETRESUID + if (getresuid (&ruid, &euid, &suid) != 0 || + getresgid (&rgid, &egid, &sgid) != 0) +#endif /* HAVE_GETRESUID */ + { + suid = ruid = getuid (); + sgid = rgid = getgid (); + euid = geteuid (); + egid = getegid (); + } + + check_setuid_initialised = TRUE; + is_setuid = (ruid != euid || ruid != suid || + rgid != egid || rgid != sgid); + + } + return is_setuid; +#endif +} + /* tests in dbus-sysdeps-util.c */ diff --git a/dbus/dbus-sysdeps-win.c b/dbus/dbus-sysdeps-win.c index 397520af..bc4951b5 100644 --- a/dbus/dbus-sysdeps-win.c +++ b/dbus/dbus-sysdeps-win.c @@ -3632,6 +3632,12 @@ _dbus_path_is_absolute (const DBusString *filename) return FALSE; } +dbus_bool_t +_dbus_check_setuid (void) +{ + return FALSE; +} + /** @} end of sysdeps-win */ /* tests in dbus-sysdeps-util.c */ 
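Review bot: The doc comment on `_dbus_check_setuid` says the process "was executed as setuid", but the `#else` fallback only compares the real, effective and saved ids as they stand on the first call and then caches the answer. A caller that changed its ids before first touching libdbus would be reported as not setuid while its environment still comes from the invoker. The commit message already notes that file capabilities and SELinux transitions are missed as well. I would say this in the comment, for example `* The uid/gid fallback reflects the ids at the first call only; it cannot see privileges dropped earlier, file capabilities or SELinux transitions.`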
diff --git a/dbus/dbus-sysdeps.c b/dbus/dbus-sysdeps.c index 861bfec9..04fb8d76 100644 --- a/dbus/dbus-sysdeps.c +++ b/dbus/dbus-sysdeps.c @@ -182,6 +182,11 @@ _dbus_setenv (const char *varname, const char* _dbus_getenv (const char *varname) { + /* Don't respect any environment variables if the current process is + * setuid. This is the equivalent of glibc's __secure_getenv(). + */ + if (_dbus_check_setuid ()) + return NULL; return getenv (varname); } diff --git a/dbus/dbus-sysdeps.h b/dbus/dbus-sysdeps.h index 4052cda9..eee91608 100644 --- a/dbus/dbus-sysdeps.h +++ b/dbus/dbus-sysdeps.h @@ -87,6 +87,7 @@ typedef struct DBusPipe DBusPipe; void _dbus_abort (void) _DBUS_GNUC_NORETURN; +dbus_bool_t _dbus_check_setuid (void); const char* _dbus_getenv (const char *varname); dbus_bool_t _dbus_setenv (const char *varname, const char *value); From 1a556443757b19fee67ef4441141246dd9cfed4f Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 27 Sep 2012 21:29:29 -0400 Subject: [PATCH 02/13] hardening: Use __secure_getenv if available This helps us in the case where we were executed via filesystem capabilities or a SELinux domain transition, not necessarily a plain old setuid binary. https://bugs.freedesktop.org/show_bug.cgi?id=52202 --- configure.ac | 2 +- dbus/dbus-sysdeps.c | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index df909856..4eb530ae 100644 --- a/configure.ac +++ b/configure.ac 
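Review bot: The new comment in `_dbus_getenv` calls the check "the equivalent of glibc's __secure_getenv()", which overstates what it covers. Per the commit messages in this series, `_dbus_check_setuid()` on Linux falls back to the uid comparison and does not see file capabilities or SELinux domain transitions, which the glibc function handles via AT_SECURE. Suggested wording: `/* Ignore the environment when _dbus_check_setuid() reports a setuid process; unlike glibc's __secure_getenv() this does not cover AT_SECURE cases such as file capabilities. */`. The function's doc comment, which is outside the hunk, should also say that NULL now means either unset or suppressed.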
@@ -596,7 +596,7 @@ AC_DEFINE_UNQUOTED([DBUS_USE_SYNC], [$have_sync], [Use the gcc __sync extension] AC_SEARCH_LIBS(socket,[socket network]) AC_CHECK_FUNC(gethostbyname,,[AC_CHECK_LIB(nsl,gethostbyname)]) -AC_CHECK_FUNCS(vsnprintf vasprintf nanosleep usleep setenv clearenv unsetenv socketpair getgrouplist fpathconf setrlimit poll setlocale localeconv strtoll strtoull issetugid getresuid) +AC_CHECK_FUNCS(vsnprintf vasprintf nanosleep usleep setenv clearenv unsetenv socketpair getgrouplist fpathconf setrlimit poll setlocale localeconv strtoll strtoull issetugid getresuid secure_getenv __secure_getenv ) AC_CHECK_HEADERS([syslog.h]) if test "x$ac_cv_header_syslog_h" = "xyes"; then diff --git a/dbus/dbus-sysdeps.c b/dbus/dbus-sysdeps.c index 04fb8d76..976c7e4b 100644 --- a/dbus/dbus-sysdeps.c +++ b/dbus/dbus-sysdeps.c @@ -182,12 +182,18 @@ _dbus_setenv (const char *varname, const char* _dbus_getenv (const char *varname) { +#if defined(HAVE_SECURE_GETENV) + return secure_getenv (varname); +#elif defined(HAVE___SECURE_GETENV) + return __secure_getenv (varname); +#else /* Don't respect any environment variables if the current process is * setuid. This is the equivalent of glibc's __secure_getenv(). */ if (_dbus_check_setuid ()) return NULL; return getenv (varname); +#endif } /** From c27c5004132e597a8f386be6f9e4235519096398 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 27 Sep 2012 21:35:22 -0400 Subject: [PATCH 03/13] hardening: Ensure _dbus_check_setuid() is initialized threadsafe manner This is a highly theoretical concern, but we might as well. https://bugs.freedesktop.org/show_bug.cgi?id=52202 --- dbus/dbus-sysdeps-pthread.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/dbus/dbus-sysdeps-pthread.c b/dbus/dbus-sysdeps-pthread.c index c9ec9e5b..c60457be 100644 --- a/dbus/dbus-sysdeps-pthread.c +++ b/dbus/dbus-sysdeps-pthread.c 
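Review bot: `AC_CHECK_FUNCS` only proves that `secure_getenv` / `__secure_getenv` link, not that a prototype is visible, and the `_dbus_getenv` hunk adds the calls without touching any include or feature-test macro. If the C library declares them only under `_GNU_SOURCE` and that macro is not in effect in dbus-sysdeps.c (not visible here), the call is implicitly declared as returning `int` and the returned pointer can be truncated on 64-bit targets. Please confirm the prototype is in scope, or add an `AC_CHECK_DECLS` probe and key the `#if` on its result.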
@@ -275,6 +275,11 @@ check_monotonic_clock (void) dbus_bool_t _dbus_threads_init_platform_specific (void) { + /* These have static variables, and we need to handle both the case + * where dbus_threads_init() has been called and when it hasn't; + * so initialize them before any threads are allowed to enter. + */ check_monotonic_clock (); + (void) _dbus_check_setuid (); return dbus_threads_init (NULL); } From d7ffad72146c2329692e0cf32eb1ac1dbb4fb51c Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Fri, 28 Sep 2012 10:05:59 -0400 Subject: [PATCH 04/13] hardening: Use __secure_getenv() in *addition* to _dbus_check_setuid() This is a further security measure for the case of Linux/glibc when we're linked into a binary that's using filesystem capabilities or SELinux domain transitions (i.e. not plain old setuid). In this case, _dbus_getenv () will return NULL because it will use __secure_getenv(), which handles those via AT_SECURE. https://bugs.freedesktop.org/show_bug.cgi?id=52202 --- dbus/dbus-keyring.c | 6 ++++++ dbus/dbus-sysdeps-unix.c | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/dbus/dbus-keyring.c b/dbus/dbus-keyring.c index 3b9ce315..2516bc34 100644 --- a/dbus/dbus-keyring.c +++ b/dbus/dbus-keyring.c @@ -718,6 +718,12 @@ _dbus_keyring_new_for_credentials (DBusCredentials *credentials, _DBUS_ASSERT_ERROR_IS_CLEAR (error); + if (_dbus_getenv ("HOME") == NULL) + { + dbus_set_error_const (error, DBUS_ERROR_NOT_SUPPORTED, + "Unable to create DBus keyring with no $HOME"); + return FALSE; + } if (_dbus_check_setuid ()) { dbus_set_error_const (error, DBUS_ERROR_NOT_SUPPORTED, diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c index b4ecc96e..6fa5bcb6 100644 --- a/dbus/dbus-sysdeps-unix.c +++ b/dbus/dbus-sysdeps-unix.c 
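Review bot: Calling `_dbus_check_setuid ()` here warms the cache only for processes that reach `_dbus_threads_init_platform_specific`. If any path can make the first call concurrently before this runs, the race remains, because `_dbus_check_setuid` stores `check_setuid_initialised = TRUE` before `is_setuid` is computed. A second thread that sees the flag early reads `is_setuid` as FALSE, which is the unsafe direction because the environment is then honoured. Assigning `is_setuid` first and the flag last would make that window fall back to recomputing the value. Without memory barriers this is still best effort, so a comment saying so next to the statics would help.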
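Review bot: The added `$HOME` guard in `_dbus_keyring_new_for_credentials` ends with `return FALSE;`, while the setuid guard directly below it, added by patch 01 in the same function, ends with `return NULL;`. The function appears to return a keyring pointer, so `return NULL;` is the consistent form. The guard also uses a missing `HOME` as a stand-in for secure-execution mode, which only holds when `_dbus_getenv` is built on `__secure_getenv`. A comment such as `/* _dbus_getenv() yields NULL under AT_SECURE, so no $HOME means: do not touch the keyring */` would make that intent visible, and the same applies to the `PATH` guard added in dbus-sysdeps-unix.c. The function body starts and ends outside the hunk.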
@@ -3434,6 +3434,12 @@ _dbus_get_autolaunch_address (const char *scope, DBusString uuid; dbus_bool_t retval; + if (_dbus_getenv ("PATH") == NULL) + { + dbus_set_error_const (error, DBUS_ERROR_NOT_SUPPORTED, + "Unable to autolaunch when PATH is unset"); + return FALSE; + } if (_dbus_check_setuid ()) { dbus_set_error_const (error, DBUS_ERROR_NOT_SUPPORTED, From 9a0c289be67735870d208e2dca2b679da0c31c41 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Fri, 28 Sep 2012 12:01:56 -0400 Subject: [PATCH 05/13] hardening: Remove activation helper handling for DBUS_VERBOSE It's not really useful. See https://bugs.freedesktop.org/show_bug.cgi?id=52202#c17 --- bus/activation-helper.c | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/bus/activation-helper.c b/bus/activation-helper.c index ab9d6010..7864e0fe 100644 --- a/bus/activation-helper.c +++ b/bus/activation-helper.c @@ -140,17 +140,11 @@ out_all: return desktop_file; } -/* Cleares the environment, except for DBUS_VERBOSE and DBUS_STARTER_x */ +/* Clears the environment, except for DBUS_STARTER_x */ static dbus_bool_t clear_environment (DBusError *error) { const char *starter_env = NULL; -#ifdef DBUS_ENABLE_VERBOSE_MODE - const char *debug_env = NULL; - - /* are we debugging */ - debug_env = _dbus_getenv ("DBUS_VERBOSE"); -#endif /* we save the starter */ starter_env = _dbus_getenv ("DBUS_STARTER_ADDRESS"); @@ -165,12 +159,6 @@ clear_environment (DBusError *error) } #endif -#ifdef DBUS_ENABLE_VERBOSE_MODE - /* restore the debugging environment setting if set */ - if (debug_env) - _dbus_setenv ("DBUS_VERBOSE", debug_env); -#endif - /* restore the starter */ if (starter_env) _dbus_setenv ("DBUS_STARTER_ADDRESS", starter_env); From fc4547fe089136f119b49dd067a3cb876d487893 Mon Sep 17 00:00:00 2001 
From: Geoffrey Thomas Date: Thu, 27 Sep 2012 22:02:06 -0700 Subject: [PATCH 06/13] activation-helper: Ensure DBUS_STARTER_ADDRESS is set correctly The fix for CVE-2012-3524 filters out all environment variables if libdbus is used from a setuid program, to prevent various spoofing attacks. Unfortunately, the activation helper is a setuid program linking libdbus, and this creates a regression for launched programs using DBUS_STARTER_ADDRESS, since it will no longer exist. Fix this by hardcoding the starter address to the default system bus address. Signed-off-by: Geoffrey Thomas Signed-off-by: Colin Walters --- bus/activation-helper.c | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/bus/activation-helper.c b/bus/activation-helper.c index 7864e0fe..cbc00d2f 100644 --- a/bus/activation-helper.c +++ b/bus/activation-helper.c @@ -140,15 +140,12 @@ out_all: return desktop_file; } -/* Clears the environment, except for DBUS_STARTER_x */ +/* Clears the environment, except for DBUS_STARTER_x, + * which we hardcode to the system bus. + */ static dbus_bool_t clear_environment (DBusError *error) { - const char *starter_env = NULL; - - /* we save the starter */ - starter_env = _dbus_getenv ("DBUS_STARTER_ADDRESS"); - #ifndef ACTIVATION_LAUNCHER_TEST /* totally clear the environment */ if (!_dbus_clearenv ()) @@ -159,11 +156,8 @@ clear_environment (DBusError *error) } #endif - /* restore the starter */ - if (starter_env) - _dbus_setenv ("DBUS_STARTER_ADDRESS", starter_env); - - /* set the type, which must be system if we got this far */ + /* Ensure the bus is set to system */ + _dbus_setenv ("DBUS_STARTER_ADDRESS", DBUS_SYSTEM_BUS_DEFAULT_ADDRESS); _dbus_setenv ("DBUS_STARTER_BUS_TYPE", "system"); return TRUE; From cf13cd08c74bd35bf834befb27af56a7f7ed7de1 Mon Sep 17 00:00:00 2001 
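Review bot: Both `_dbus_setenv` calls at the end of `clear_environment` discard their `dbus_bool_t` result, so if either fails after `_dbus_clearenv ()` the function still returns TRUE and the helper carries on without `DBUS_STARTER_ADDRESS` or the bus type in the environment. Since this commit makes the hardcoded address the only source of that value, I would check both calls and report failure through `error`. `_DBUS_SET_OOM` is what the series uses elsewhere for allocation failure, assuming that is the only way `_dbus_setenv` fails. The closing brace of the function is outside the hunk.

```c
  /* Ensure the bus is set to system */
  if (!_dbus_setenv ("DBUS_STARTER_ADDRESS", DBUS_SYSTEM_BUS_DEFAULT_ADDRESS) ||
      !_dbus_setenv ("DBUS_STARTER_BUS_TYPE", "system"))
    {
      _DBUS_SET_OOM (error);
      return FALSE;
    }

  return TRUE;
```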
From: Colin Walters Date: Fri, 28 Sep 2012 13:08:42 -0400 Subject: [PATCH 07/13] Release 1.6.6 --- NEWS | 7 ++++++- configure.ac | 2 +- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index bab9dda5..ae87020c 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,11 @@ -D-Bus 1.6.6 (UNRELEASED) +D-Bus 1.6.6 (2012-09-28) == +The "Clear the environment in your setuid binaries, please" release. + +• CVE-2012-3524: Don't access environment variables (fd.o #52202) + Thanks to work and input from Colin Walters, Simon McVittie, + Geoffrey Thomas, and others. • Unix-specific: · Fix compilation on Solaris (fd.o #53286, Jonathan Perkin) · Work around interdependent headers on OpenBSD by including sys/types.h diff --git a/configure.ac b/configure.ac index 4eb530ae..4cdb71b8 100644 --- a/configure.ac +++ b/configure.ac @@ -3,7 +3,7 @@ AC_PREREQ([2.63]) m4_define([dbus_major_version], [1]) m4_define([dbus_minor_version], [6]) -m4_define([dbus_micro_version], [5]) +m4_define([dbus_micro_version], [6]) m4_define([dbus_version], [dbus_major_version.dbus_minor_version.dbus_micro_version]) AC_INIT([dbus],[dbus_version],[https://bugs.freedesktop.org/enter_bug.cgi?product=dbus],[dbus]) From 819eb8a9f5c852af3b5dca2bbea3b434d9d06404 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Fri, 28 Sep 2012 13:20:14 -0400 Subject: [PATCH 08/13] Resume development --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 4cdb71b8..3a06bb0c 100644 --- a/configure.ac +++ b/configure.ac @@ -3,7 +3,7 @@ AC_PREREQ([2.63]) m4_define([dbus_major_version], [1]) m4_define([dbus_minor_version], [6]) -m4_define([dbus_micro_version], [6]) +m4_define([dbus_micro_version], [7]) m4_define([dbus_version], [dbus_major_version.dbus_minor_version.dbus_micro_version]) AC_INIT([dbus],[dbus_version],[https://bugs.freedesktop.org/enter_bug.cgi?product=dbus],[dbus]) From dcee0dd7c0a80b35d92712024507929303b9f07a Mon Sep 17 00:00:00 2001 
From: Colin Walters Date: Fri, 28 Sep 2012 15:31:05 -0400 Subject: [PATCH 09/13] Revert "hardening: Use __secure_getenv if available" It breaks gnome-keyring-daemon at least in some configurations; see https://bugs.freedesktop.org/show_bug.cgi?id=52202#c24 This reverts commit 1a556443757b19fee67ef4441141246dd9cfed4f. --- configure.ac | 2 +- dbus/dbus-sysdeps.c | 6 ------ 2 files changed, 1 insertion(+), 7 deletions(-) diff --git a/configure.ac b/configure.ac index 3a06bb0c..f2107956 100644 --- a/configure.ac +++ b/configure.ac @@ -596,7 +596,7 @@ AC_DEFINE_UNQUOTED([DBUS_USE_SYNC], [$have_sync], [Use the gcc __sync extension] AC_SEARCH_LIBS(socket,[socket network]) AC_CHECK_FUNC(gethostbyname,,[AC_CHECK_LIB(nsl,gethostbyname)]) -AC_CHECK_FUNCS(vsnprintf vasprintf nanosleep usleep setenv clearenv unsetenv socketpair getgrouplist fpathconf setrlimit poll setlocale localeconv strtoll strtoull issetugid getresuid secure_getenv __secure_getenv ) +AC_CHECK_FUNCS(vsnprintf vasprintf nanosleep usleep setenv clearenv unsetenv socketpair getgrouplist fpathconf setrlimit poll setlocale localeconv strtoll strtoull issetugid getresuid) AC_CHECK_HEADERS([syslog.h]) if test "x$ac_cv_header_syslog_h" = "xyes"; then diff --git a/dbus/dbus-sysdeps.c b/dbus/dbus-sysdeps.c index 976c7e4b..04fb8d76 100644 --- a/dbus/dbus-sysdeps.c +++ b/dbus/dbus-sysdeps.c @@ -182,18 +182,12 @@ _dbus_setenv (const char *varname, const char* _dbus_getenv (const char *varname) { -#if defined(HAVE_SECURE_GETENV) - return secure_getenv (varname); -#elif defined(HAVE___SECURE_GETENV) - return __secure_getenv (varname); -#else /* Don't respect any environment variables if the current process is * setuid. This is the equivalent of glibc's __secure_getenv(). */ if (_dbus_check_setuid ()) return NULL; return getenv (varname); -#endif } /** From fb8b8ce72c5725cd18507d1c824870a6c37ed7f2 Mon Sep 17 00:00:00 2001 
From: Colin Walters Date: Fri, 28 Sep 2012 15:31:47 -0400 Subject: [PATCH 10/13] Revert "hardening: Use __secure_getenv() in *addition* to _dbus_check_setuid()" Follow to reverting a556443757b19fee67ef4441141246dd9cfed4f. See https://bugs.freedesktop.org/show_bug.cgi?id=52202#c24 This reverts commit d7ffad72146c2329692e0cf32eb1ac1dbb4fb51c. --- dbus/dbus-keyring.c | 6 ------ dbus/dbus-sysdeps-unix.c | 6 ------ 2 files changed, 12 deletions(-) diff --git a/dbus/dbus-keyring.c b/dbus/dbus-keyring.c index 2516bc34..3b9ce315 100644 --- a/dbus/dbus-keyring.c +++ b/dbus/dbus-keyring.c @@ -718,12 +718,6 @@ _dbus_keyring_new_for_credentials (DBusCredentials *credentials, _DBUS_ASSERT_ERROR_IS_CLEAR (error); - if (_dbus_getenv ("HOME") == NULL) - { - dbus_set_error_const (error, DBUS_ERROR_NOT_SUPPORTED, - "Unable to create DBus keyring with no $HOME"); - return FALSE; - } if (_dbus_check_setuid ()) { dbus_set_error_const (error, DBUS_ERROR_NOT_SUPPORTED, diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c index 6fa5bcb6..b4ecc96e 100644 --- a/dbus/dbus-sysdeps-unix.c +++ b/dbus/dbus-sysdeps-unix.c @@ -3434,12 +3434,6 @@ _dbus_get_autolaunch_address (const char *scope, DBusString uuid; dbus_bool_t retval; - if (_dbus_getenv ("PATH") == NULL) - { - dbus_set_error_const (error, DBUS_ERROR_NOT_SUPPORTED, - "Unable to autolaunch when PATH is unset"); - return FALSE; - } if (_dbus_check_setuid ()) { dbus_set_error_const (error, DBUS_ERROR_NOT_SUPPORTED, From 1cad15cc272446ade9987840642aa6730ebe92be Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Fri, 28 Sep 2012 15:44:59 -0400 Subject: [PATCH 11/13] Release 1.6.8 --- NEWS | 12 ++++++++++++ configure.ac | 2 +- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index ae87020c..02fa1457 100644 --- a/NEWS +++ b/NEWS 
@@ -1,3 +1,15 @@ +D-Bus 1.6.8 (2012-09-28) +== + +The "Fix one thing, break another" release. + +• Follow up to CVE-2012-3524: The additional hardening + work to use __secure_getenv() as a followup to bug #52202 + broke certain configurations of gnome-keyring. Given + the difficulty of making this work without extensive + changes to gnome-keyring, use of __secure_getenv() is + deferred. + D-Bus 1.6.6 (2012-09-28) == diff --git a/configure.ac b/configure.ac index f2107956..24fcc9e7 100644 --- a/configure.ac +++ b/configure.ac @@ -3,7 +3,7 @@ AC_PREREQ([2.63]) m4_define([dbus_major_version], [1]) m4_define([dbus_minor_version], [6]) -m4_define([dbus_micro_version], [7]) +m4_define([dbus_micro_version], [8]) m4_define([dbus_version], [dbus_major_version.dbus_minor_version.dbus_micro_version]) AC_INIT([dbus],[dbus_version],[https://bugs.freedesktop.org/enter_bug.cgi?product=dbus],[dbus]) From 40cc5ebd4a5242e39a60111addbf6dd09a760174 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Tue, 2 Oct 2012 09:47:20 +0100 Subject: [PATCH 12/13] Post-release version bump --- NEWS | 5 +++++ configure.ac | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index 02fa1457..618de454 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,8 @@ +D-Bus 1.6.10 (UNRELEASED) +== + +... + D-Bus 1.6.8 (2012-09-28) == diff --git a/configure.ac b/configure.ac index 24fcc9e7..5490cf02 100644 --- a/configure.ac +++ b/configure.ac @@ -3,7 +3,7 @@ AC_PREREQ([2.63]) m4_define([dbus_major_version], [1]) m4_define([dbus_minor_version], [6]) -m4_define([dbus_micro_version], [8]) +m4_define([dbus_micro_version], [9]) m4_define([dbus_version], [dbus_major_version.dbus_minor_version.dbus_micro_version]) AC_INIT([dbus],[dbus_version],[https://bugs.freedesktop.org/enter_bug.cgi?product=dbus],[dbus]) From 62aec8838a2d3841c5f1377c6eef429a7df84aed Mon Sep 17 00:00:00 2001 
From: Simon McVittie Date: Tue, 2 Oct 2012 09:34:48 +0100 Subject: [PATCH 13/13] activation helper: when compiled for tests, do not reset system bus address Otherwise, the tests try to connect to the real system bus, which will often fail - particularly if you run the tests configured for the default /usr/local (with no intention of installing the result), in which case the tests would try to connect to /usr/local/var/run/dbus/system_bus_socket. Reviewed-by: Colin Walters Bug: https://bugs.freedesktop.org/show_bug.cgi?id=52202 --- bus/activation-helper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bus/activation-helper.c b/bus/activation-helper.c index cbc00d2f..8d7ae36f 100644 --- a/bus/activation-helper.c +++ b/bus/activation-helper.c @@ -154,11 +154,11 @@ clear_environment (DBusError *error) "could not clear environment\n"); return FALSE; } -#endif /* Ensure the bus is set to system */ _dbus_setenv ("DBUS_STARTER_ADDRESS", DBUS_SYSTEM_BUS_DEFAULT_ADDRESS); _dbus_setenv ("DBUS_STARTER_BUS_TYPE", "system"); +#endif return TRUE; }
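Review bot: Moving `#endif` below the two `_dbus_setenv` calls also stops `DBUS_STARTER_BUS_TYPE` from being set in `ACTIVATION_LAUNCHER_TEST` builds, whereas the commit message only argues for leaving the address alone. In such builds `clear_environment` now does nothing but `return TRUE`. If that is intended, the comment above the function (outside this hunk) should say so, e.g. `/* With ACTIVATION_LAUNCHER_TEST the environment is left untouched. */`. It also means the test build no longer exercises the clear-and-reset path that the setuid helper relies on, so that path needs coverage elsewhere.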