From efbf867bb88845d5edf839550b54494b1bb752b9 Mon Sep 17 00:00:00 2001
From: Colin Walters
Date: Fri, 14 Sep 2012 11:21:28 +0200
Subject: usb-acl-helper: Clear environment

Otherwise we can be subject to attack via environment variables such as DBUS_SYSTEM_BUS_ADDRESS. This addresses CVE-2012-4425 http://seclists.org/oss-sec/2012/q3/470
---
 configure.ac | 2 ++
 gtk/spice-client-glib-usb-acl-helper.c | 24 +++++++++++++++++++++++-
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index 4a220d1..c7367cc 100644
--- a/configure.ac
+++ b/configure.ac
@@ -244,6 +244,8 @@ else
 EXTERNAL_PNP_IDS="$with_pnp_ids_path"
 fi
+AC_CHECK_FUNCS(clearenv)
+
 PKG_CHECK_MODULES(GLIB2, glib-2.0 >= 2.22)
 AC_SUBST(GLIB2_CFLAGS)
 AC_SUBST(GLIB2_LIBS)
diff --git a/gtk/spice-client-glib-usb-acl-helper.c b/gtk/spice-client-glib-usb-acl-helper.c
index 724d62a..93b9b3a 100644
--- a/gtk/spice-client-glib-usb-acl-helper.c
+++ b/gtk/spice-client-glib-usb-acl-helper.c
@@ -158,7 +158,8 @@ static void cleanup(void)
 if (state == STATE_WAITING_FOR_STDIN_EOF)
 set_facl(path, getuid(), 0);
- g_main_loop_quit(loop);
+ if (loop)
+ g_main_loop_quit(loop);
 }
 /* Not available in polkit < 0.101 */
@@ -311,11 +312,32 @@ polkit_authority_get_sync (GCancellable *cancellable, GError **error)
 }
 #endif
+#ifndef HAVE_CLEARENV
+extern char **environ;
+
+static int
+clearenv (void)
+{
+ if (environ != NULL)
+ environ[0] = NULL;
+ return 0;
+}
+#endif
+
 int main(void)
 {
 pid_t parent_pid;
 GInputStream *stdin_unix_stream;
+ /* Nuke the environment to get a well-known and sanitized
+ * environment to avoid attacks via e.g. the DBUS_SYSTEM_BUS_ADDRESS
+ * environment variable and similar.
+ */
+ if (clearenv () != 0) {
+ FATAL_ERROR("Error clearing environment: %s\n", g_strerror (errno));
+ return 1;
+ }
+
 g_type_init();
 loop = g_main_loop_new(NULL, FALSE);
--
cgit v1.2.3
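Review bot: In gtk/spice-client-glib-usb-acl-helper.c, the new `if (loop)` guard in cleanup() carries no comment saying when `loop` can still be NULL. Judging by the other hunk of this file, the case is the early `FATAL_ERROR` in main(), which runs before `g_main_loop_new()`; the definition of FATAL_ERROR is not visible here, so that link is inferred. A one-line comment such as `/* loop does not exist yet if we fail before g_main_loop_new() in main() */` would stop the guard from being removed later as dead code. cleanup() begins above this hunk, so the rest of its body was not reviewed.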
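Review bot: In the `clearenv () != 0` branch added to main(), `g_strerror (errno)` can print an unrelated error, because the fallback `clearenv` defined in this same hunk always returns 0 and never sets errno, and the libc function is documented only as returning nonzero on failure. Dropping the errno text is enough, e.g. `FATAL_ERROR("Error clearing environment\n");`. The `#ifndef HAVE_CLEARENV` fallback also relies on the generated config header being included earlier in the file, otherwise the `static` definition would clash with the libc declaration; that include is outside the hunk, so please confirm it. Because the clear runs at the top of main(), anything library initialisers read from the environment before main() is not covered, which is worth a sentence in the new comment; main() continues below the hunk.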