From 9a0c289be67735870d208e2dca2b679da0c31c41 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Fri, 28 Sep 2012 12:01:56 -0400 Subject: hardening: Remove activation helper handling for DBUS_VERBOSE It's not really useful. See https://bugs.freedesktop.org/show_bug.cgi?id=52202#c17 --- bus/activation-helper.c | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) (limited to 'bus') diff --git a/bus/activation-helper.c b/bus/activation-helper.c index ab9d6010..7864e0fe 100644 --- a/bus/activation-helper.c +++ b/bus/activation-helper.c @@ -140,17 +140,11 @@ out_all: return desktop_file; } -/* Cleares the environment, except for DBUS_VERBOSE and DBUS_STARTER_x */ +/* Clears the environment, except for DBUS_STARTER_x */ static dbus_bool_t clear_environment (DBusError *error) { const char *starter_env = NULL; -#ifdef DBUS_ENABLE_VERBOSE_MODE - const char *debug_env = NULL; - - /* are we debugging */ - debug_env = _dbus_getenv ("DBUS_VERBOSE"); -#endif /* we save the starter */ starter_env = _dbus_getenv ("DBUS_STARTER_ADDRESS"); @@ -165,12 +159,6 @@ clear_environment (DBusError *error) } #endif -#ifdef DBUS_ENABLE_VERBOSE_MODE - /* restore the debugging environment setting if set */ - if (debug_env) - _dbus_setenv ("DBUS_VERBOSE", debug_env); -#endif - /* restore the starter */ if (starter_env) _dbus_setenv ("DBUS_STARTER_ADDRESS", starter_env); -- cgit v1.2.3 From fc4547fe089136f119b49dd067a3cb876d487893 Mon Sep 17 00:00:00 2001 
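Review bot: The `starter_env` pointer kept in clear_environment is still the raw result of `_dbus_getenv ("DBUS_STARTER_ADDRESS")`, and the second hunk's context passes it back to `_dbus_setenv` after the environment has been wiped (the clearing call sits between the two hunks and is not visible here). If `_dbus_getenv` hands back a pointer into the process environment, as getenv-style wrappers usually do, its validity after the clear depends on the C library not releasing or reusing that storage. Since this commit is already trimming what the helper carries across the clear, it would be more robust to copy the value first, e.g. `starter_env = _dbus_strdup (_dbus_getenv ("DBUS_STARTER_ADDRESS"));`, and free the copy after the restore.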
From: Geoffrey Thomas Date: Thu, 27 Sep 2012 22:02:06 -0700 Subject: activation-helper: Ensure DBUS_STARTER_ADDRESS is set correctly The fix for CVE-2012-3524 filters out all environment variables if libdbus is used from a setuid program, to prevent various spoofing attacks. Unfortunately, the activation helper is a setuid program linking libdbus, and this creates a regression for launched programs using DBUS_STARTER_ADDRESS, since it will no longer exist. Fix this by hardcoding the starter address to the default system bus address. Signed-off-by: Geoffrey Thomas Signed-off-by: Colin Walters --- bus/activation-helper.c | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) (limited to 'bus') diff --git a/bus/activation-helper.c b/bus/activation-helper.c index 7864e0fe..cbc00d2f 100644 --- a/bus/activation-helper.c +++ b/bus/activation-helper.c @@ -140,15 +140,12 @@ out_all: return desktop_file; } -/* Clears the environment, except for DBUS_STARTER_x */ +/* Clears the environment, except for DBUS_STARTER_x, + * which we hardcode to the system bus. + */ static dbus_bool_t clear_environment (DBusError *error) { - const char *starter_env = NULL; - - /* we save the starter */ - starter_env = _dbus_getenv ("DBUS_STARTER_ADDRESS"); - #ifndef ACTIVATION_LAUNCHER_TEST /* totally clear the environment */ if (!_dbus_clearenv ()) @@ -159,11 +156,8 @@ clear_environment (DBusError *error) } #endif - /* restore the starter */ - if (starter_env) - _dbus_setenv ("DBUS_STARTER_ADDRESS", starter_env); - - /* set the type, which must be system if we got this far */ + /* Ensure the bus is set to system */ + _dbus_setenv ("DBUS_STARTER_ADDRESS", DBUS_SYSTEM_BUS_DEFAULT_ADDRESS); _dbus_setenv ("DBUS_STARTER_BUS_TYPE", "system"); return TRUE; -- cgit v1.2.3 From 62aec8838a2d3841c5f1377c6eef429a7df84aed Mon Sep 17 00:00:00 2001 
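Review bot: The rewritten header comment on clear_environment still says the environment is cleared "except for DBUS_STARTER_x", but after this change nothing from the caller's environment survives; both variables are written with fixed values. For a setuid helper that distinction is the security-relevant part, so I would word it as `/* Clears the environment, then sets DBUS_STARTER_ADDRESS and DBUS_STARTER_BUS_TYPE to fixed system-bus values; nothing inherited from the caller is kept. */`. The function body continues outside this hunk.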
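Review bot: Both new `_dbus_setenv` calls at the end of clear_environment ignore their return value, so a failed set (for example under memory pressure) leaves the activated service without DBUS_STARTER_ADDRESS while the function still returns TRUE. The helper is now the only source of that value, so the failure should be reported the same way the `_dbus_clearenv` failure just above is. Guarding the calls with `if (!_dbus_setenv ("DBUS_STARTER_ADDRESS", DBUS_SYSTEM_BUS_DEFAULT_ADDRESS) || !_dbus_setenv ("DBUS_STARTER_BUS_TYPE", "system"))`, then setting `error` and returning FALSE, would do. I am assuming `_dbus_setenv` signals failure through its return value; confirm against its declaration.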
From: Simon McVittie Date: Tue, 2 Oct 2012 09:34:48 +0100 Subject: activation helper: when compiled for tests, do not reset system bus address Otherwise, the tests try to connect to the real system bus, which will often fail - particularly if you run the tests configured for the default /usr/local (with no intention of installing the result), in which case the tests would try to connect to /usr/local/var/run/dbus/system_bus_socket. Reviewed-by: Colin Walters Bug: https://bugs.freedesktop.org/show_bug.cgi?id=52202 --- bus/activation-helper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'bus') diff --git a/bus/activation-helper.c b/bus/activation-helper.c index cbc00d2f..8d7ae36f 100644 --- a/bus/activation-helper.c +++ b/bus/activation-helper.c @@ -154,11 +154,11 @@ clear_environment (DBusError *error) "could not clear environment\n"); return FALSE; } -#endif /* Ensure the bus is set to system */ _dbus_setenv ("DBUS_STARTER_ADDRESS", DBUS_SYSTEM_BUS_DEFAULT_ADDRESS); _dbus_setenv ("DBUS_STARTER_BUS_TYPE", "system"); +#endif return TRUE; } -- cgit v1.2.3
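Review bot: With the `#endif` moved below the two `_dbus_setenv` calls, a build that defines ACTIVATION_LAUNCHER_TEST turns clear_environment into a no-op that returns TRUE with the caller's whole environment intact, and nothing in the code says so. Since this function is the environment sanitisation step of a setuid helper, I would add a comment at the `#ifndef` guard (which lies above this hunk; the hunk starts mid-function) such as `/* Test builds keep the inherited environment so the tests can reach their own bus; such a binary must never be installed setuid. */`. The function's header comment, also outside the hunk, still describes clearing and hardcoding unconditionally and could mention the test exception.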