author | Colin Walters <walters@verbum.org> | 2012-09-14 11:21:28 +0200 |
---|---|---|
committer | Christophe Fergeau <cfergeau@redhat.com> | 2012-09-14 11:21:44 +0200 |
commit | efbf867bb88845d5edf839550b54494b1bb752b9 (patch) | |
tree | a2aa4ee5cc54aa41613d0e008972157a81be6834 | |
parent | 78ad29f5d891d8a63420f2abce822fc71111bb34 (diff) |
usb-acl-helper: Clear environment
Otherwise we can be subject to attack via environment variables such
as DBUS_SYSTEM_BUS_ADDRESS.
This addresses CVE-2012-4425 http://seclists.org/oss-sec/2012/q3/470
-rw-r--r-- | configure.ac | 2 | ||||
-rw-r--r-- | gtk/spice-client-glib-usb-acl-helper.c | 24 |
2 files changed, 25 insertions, 1 deletions
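--- a/configure.ac
+++ b/configure.ac
@@ -244,6 +244,8 @@ else
 EXTERNAL_PNP_IDS="$with_pnp_ids_path"
 fi
 
+AC_CHECK_FUNCS(clearenv)
+
 PKG_CHECK_MODULES(GLIB2, glib-2.0 >= 2.22)
 AC_SUBST(GLIB2_CFLAGS)
 AC_SUBST(GLIB2_LIBS)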
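--- a/gtk/spice-client-glib-usb-acl-helper.c
+++ b/gtk/spice-client-glib-usb-acl-helper.c
@@ -158,7 +158,8 @@ static void cleanup(void)
 if (state == STATE_WAITING_FOR_STDIN_EOF)
 set_facl(path, getuid(), 0);
 
-g_main_loop_quit(loop);
+if (loop)
+g_main_loop_quit(loop);
 }
 
 /* Not available in polkit < 0.101 */
@@ -311,11 +312,32 @@ polkit_authority_get_sync (GCancellable *cancellable, GError **error)
 }
 #endif
 
+#ifndef HAVE_CLEARENV
+extern char **environ;
+
+static int
+clearenv (void)
+{
+if (environ != NULL)
+environ[0] = NULL;
+return 0;
+}
+#endif
+
 int main(void)
 {
 pid_t parent_pid;
 GInputStream *stdin_unix_stream;
 
+/* Nuke the environment to get a well-known and sanitized
+* environment to avoid attacks via e.g. the DBUS_SYSTEM_BUS_ADDRESS
+* environment variable and similar.
+*/
+if (clearenv () != 0) {
+FATAL_ERROR("Error clearing environment: %s\n", g_strerror (errno));
+return 1;
+}
+
 g_type_init();
 
 loop = g_main_loop_new(NULL, FALSE);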
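Review bot: The new comment above `clearenv ()` in main() does not record that the call only helps while it stays ahead of every library call, so I would add a line such as `* Keep this the first statement in main(): g_type_init() and everything after it may read the environment.` The failure branch formats `g_strerror (errno)`, but clearenv(3) is documented only as returning non-zero on failure, not as setting errno, and the fallback under `#ifndef HAVE_CLEARENV` always returns 0, so the message could name an unrelated error; dropping the `%s` and the errno argument would be more accurate. The fallback is compiled only when `HAVE_CLEARENV` is undefined here, which presumably relies on config.h being included above the hunk; that is worth confirming, since a missed define alongside a libc declaration of `clearenv` would clash with the `static` definition. main()'s body continues past the end of the hunk.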