mirror of
git://slackware.nl/current.git
synced 2024-12-31 10:28:29 +01:00
646a5c1cbf
a/pkgtools-15.0-noarch-13.txz: Rebuilt. installpkg: default line length for --terselength is the number of columns. removepkg: added --terse mode. upgradepkg: default line length for --terselength is the number of columns. upgradepkg: accept -option in addition to --option. ap/vim-8.1.0026-x86_64-1.txz: Upgraded. d/bison-3.0.5-x86_64-1.txz: Upgraded. e/emacs-26.1-x86_64-1.txz: Upgraded. kde/kopete-4.14.3-x86_64-8.txz: Rebuilt. Recompiled against libidn-1.35. n/conntrack-tools-1.4.5-x86_64-1.txz: Upgraded. n/libnetfilter_conntrack-1.0.7-x86_64-1.txz: Upgraded. n/libnftnl-1.1.0-x86_64-1.txz: Upgraded. n/links-2.16-x86_64-2.txz: Rebuilt. Rebuilt to enable X driver for -g mode. n/lynx-2.8.9dev.19-x86_64-1.txz: Upgraded. n/nftables-0.8.5-x86_64-1.txz: Upgraded. n/p11-kit-0.23.11-x86_64-1.txz: Upgraded. n/ulogd-2.0.7-x86_64-1.txz: Upgraded. n/whois-5.3.1-x86_64-1.txz: Upgraded. xap/network-manager-applet-1.8.12-x86_64-1.txz: Upgraded. xap/vim-gvim-8.1.0026-x86_64-1.txz: Upgraded.
127 lines
3.4 KiB
Diff
127 lines
3.4 KiB
Diff
From daf3d5c2d15466a267221fcb099c59c870098e03 Mon Sep 17 00:00:00 2001
|
|
From: Philip Withnall <philip.withnall@collabora.co.uk>
|
|
Date: Thu, 19 May 2016 10:08:08 +0100
|
|
Subject: [PATCH 05/16] data: Set GIO_USE_VFS=local in the environment
|
|
|
|
There is no need for polkit to ever use GVFS to load files from
|
|
non-local sources, so it's best to avoid loading GVFS code, and to just
|
|
rely on the local implementation in GIO instead. This reduces the attack
|
|
surface of polkit.
|
|
|
|
Implemented for the daemon, pkaction, pkcheck, pkexec and pkttyagent,
|
|
because none of them need remote file access.
|
|
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=95487
|
|
---
|
|
src/polkitbackend/polkitd.c | 4 ++++
|
|
src/programs/pkaction.c | 4 ++++
|
|
src/programs/pkcheck.c | 4 ++++
|
|
src/programs/pkexec.c | 3 +++
|
|
src/programs/pkttyagent.c | 4 ++++
|
|
5 files changed, 19 insertions(+)
|
|
|
|
diff --git a/src/polkitbackend/polkitd.c b/src/polkitbackend/polkitd.c
|
|
index d1527fb..8d54ed7 100644
|
|
--- a/src/polkitbackend/polkitd.c
|
|
+++ b/src/polkitbackend/polkitd.c
|
|
@@ -22,6 +22,7 @@
|
|
#include "config.h"
|
|
|
|
#include <signal.h>
|
|
+#include <stdlib.h>
|
|
|
|
#include <glib-unix.h>
|
|
|
|
@@ -169,6 +170,9 @@ main (int argc,
|
|
sigint_id = 0;
|
|
registration_id = NULL;
|
|
|
|
+ /* Disable remote file access from GIO. */
|
|
+ setenv ("GIO_USE_VFS", "local", 1);
|
|
+
|
|
g_type_init ();
|
|
|
|
opt_context = g_option_context_new ("polkit system daemon");
|
|
diff --git a/src/programs/pkaction.c b/src/programs/pkaction.c
|
|
index f17a7dc..221662a 100644
|
|
--- a/src/programs/pkaction.c
|
|
+++ b/src/programs/pkaction.c
|
|
@@ -24,6 +24,7 @@
|
|
#endif
|
|
|
|
#include <stdio.h>
|
|
+#include <stdlib.h>
|
|
#include <glib/gi18n.h>
|
|
#include <polkit/polkit.h>
|
|
|
|
@@ -121,6 +122,9 @@ main (int argc, char *argv[])
|
|
actions = NULL;
|
|
ret = 1;
|
|
|
|
+ /* Disable remote file access from GIO. */
|
|
+ setenv ("GIO_USE_VFS", "local", 1);
|
|
+
|
|
g_type_init ();
|
|
|
|
opt_show_version = FALSE;
|
|
diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c
|
|
index 5781893..33db128 100644
|
|
--- a/src/programs/pkcheck.c
|
|
+++ b/src/programs/pkcheck.c
|
|
@@ -24,6 +24,7 @@
|
|
#endif
|
|
|
|
#include <stdio.h>
|
|
+#include <stdlib.h>
|
|
#include <glib/gi18n.h>
|
|
#include <polkit/polkit.h>
|
|
#define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE
|
|
@@ -362,6 +363,9 @@ main (int argc, char *argv[])
|
|
local_agent_handle = NULL;
|
|
ret = 126;
|
|
|
|
+ /* Disable remote file access from GIO. */
|
|
+ setenv ("GIO_USE_VFS", "local", 1);
|
|
+
|
|
g_type_init ();
|
|
|
|
details = polkit_details_new ();
|
|
diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c
|
|
index 50de92c..3b29b24 100644
|
|
--- a/src/programs/pkexec.c
|
|
+++ b/src/programs/pkexec.c
|
|
@@ -503,6 +503,9 @@ main (int argc, char *argv[])
|
|
opt_user = NULL;
|
|
local_agent_handle = NULL;
|
|
|
|
+ /* Disable remote file access from GIO. */
|
|
+ setenv ("GIO_USE_VFS", "local", 1);
|
|
+
|
|
/* check for correct invocation */
|
|
if (geteuid () != 0)
|
|
{
|
|
diff --git a/src/programs/pkttyagent.c b/src/programs/pkttyagent.c
|
|
index 423b728..8aac7dd 100644
|
|
--- a/src/programs/pkttyagent.c
|
|
+++ b/src/programs/pkttyagent.c
|
|
@@ -24,6 +24,7 @@
|
|
#endif
|
|
|
|
#include <stdio.h>
|
|
+#include <stdlib.h>
|
|
#include <glib/gi18n.h>
|
|
#include <polkit/polkit.h>
|
|
#define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE
|
|
@@ -74,6 +75,9 @@ main (int argc, char *argv[])
|
|
guint ret = 126;
|
|
GVariantBuilder builder;
|
|
|
|
+ /* Disable remote file access from GIO. */
|
|
+ setenv ("GIO_USE_VFS", "local", 1);
|
|
+
|
|
g_type_init ();
|
|
|
|
error = NULL;
|
|
--
|
|
2.13.0
|
|
|