fdo-mirrors/dbus
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/dbus/dbus.git synced 2026-01-07 20:30:21 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

hardening: Use __secure_getenv() in *addition* to _dbus_check_setuid()

Browse source 
This is a further security measure for the case of Linux/glibc
when we're linked into a binary that's using filesystem capabilities
or SELinux domain transitions (i.e. not plain old setuid).

In this case, _dbus_getenv () will return NULL because it will
use __secure_getenv(), which handles those via AT_SECURE.

https://bugs.freedesktop.org/show_bug.cgi?id=52202
This commit is contained in:
Colin Walters 2012-09-28 10:05:59 -04:00
parent 4b351918b9
commit d4379ee8db
2 changed files with 12 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
dbus/dbus-keyring.c
View file

@ -718,6 +718,12 @@ _dbus_keyring_new_for_credentials (DBusCredentials *credentials,
_DBUS_ASSERT_ERROR_IS_CLEAR (error);
if (_dbus_getenv ("HOME") == NULL)
{
dbus_set_error_const (error, DBUS_ERROR_NOT_SUPPORTED,
"Unable to create DBus keyring with no $HOME");
return FALSE;
}
if (_dbus_check_setuid ())
{
dbus_set_error_const (error, DBUS_ERROR_NOT_SUPPORTED,

6
dbus/dbus-sysdeps-unix.c
View file

@ -3434,6 +3434,12 @@ _dbus_get_autolaunch_address (const char *scope,
DBusString uuid;
dbus_bool_t retval;
if (_dbus_getenv ("PATH") == NULL)
{
dbus_set_error_const (error, DBUS_ERROR_NOT_SUPPORTED,
"Unable to autolaunch when PATH is unset");
return FALSE;
}
if (_dbus_check_setuid ())
{
dbus_set_error_const (error, DBUS_ERROR_NOT_SUPPORTED,