diff options
author | Colin Walters <walters@verbum.org> | 2012-09-28 10:05:59 -0400 |
---|---|---|
committer | Colin Walters <walters@verbum.org> | 2012-09-28 12:55:38 -0400 |
commit | d7ffad72146c2329692e0cf32eb1ac1dbb4fb51c (patch) | |
tree | a6c37385fc5898428dde96c647be3c8567114f39 | |
parent | c27c5004132e597a8f386be6f9e4235519096398 (diff) |
hardening: Use __secure_getenv() in *addition* to _dbus_check_setuid()
This is a further security measure for the case of Linux/glibc
when we're linked into a binary that's using filesystem capabilities
or SELinux domain transitions (i.e. not plain old setuid).
In this case, _dbus_getenv () will return NULL because it will
use __secure_getenv(), which handles those via AT_SECURE.
https://bugs.freedesktop.org/show_bug.cgi?id=52202
-rw-r--r-- | dbus/dbus-keyring.c | 6 | ||||
-rw-r--r-- | dbus/dbus-sysdeps-unix.c | 6 |
2 files changed, 12 insertions, 0 deletions
diff --git a/dbus/dbus-keyring.c b/dbus/dbus-keyring.c index 3b9ce315..2516bc34 100644 --- a/dbus/dbus-keyring.c +++ b/dbus/dbus-keyring.c @@ -718,6 +718,12 @@ _dbus_keyring_new_for_credentials (DBusCredentials *credentials, _DBUS_ASSERT_ERROR_IS_CLEAR (error); + if (_dbus_getenv ("HOME") == NULL) + { + dbus_set_error_const (error, DBUS_ERROR_NOT_SUPPORTED, + "Unable to create DBus keyring with no $HOME"); + return FALSE; + } if (_dbus_check_setuid ()) { dbus_set_error_const (error, DBUS_ERROR_NOT_SUPPORTED, diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c index b4ecc96e..6fa5bcb6 100644 --- a/dbus/dbus-sysdeps-unix.c +++ b/dbus/dbus-sysdeps-unix.c @@ -3434,6 +3434,12 @@ _dbus_get_autolaunch_address (const char *scope, DBusString uuid; dbus_bool_t retval; + if (_dbus_getenv ("PATH") == NULL) + { + dbus_set_error_const (error, DBUS_ERROR_NOT_SUPPORTED, + "Unable to autolaunch when PATH is unset"); + return FALSE; + } if (_dbus_check_setuid ()) { dbus_set_error_const (error, DBUS_ERROR_NOT_SUPPORTED, |