summaryrefslogtreecommitdiff
path: root/configure.ac
diff options
context:
space:
mode:
authorColin Walters <walters@verbum.org>2012-08-22 10:03:34 -0400
committerColin Walters <walters@verbum.org>2012-09-27 21:10:28 -0400
commit23fe78ceefb6cefcd58a49c77d1154b68478c8d2 (patch)
tree36d29e19d7a984f98dc1021c3ea3c8fac0e504f4 /configure.ac
parent4d0a69027e6d089bab15ff7e844a0ab08256620c (diff)
CVE-2012-3524: Don't access environment variables or run dbus-launch when setuid
This matches a corresponding change in GLib. See glib/gutils.c:g_check_setuid(). Some programs attempt to use libdbus when setuid; notably the X.org server is shipped in such a configuration. libdbus never had an explicit policy about its use in setuid programs. I'm not sure whether we should advertise such support. However, given that there are real-world programs that do this currently, we can make them safer with not too much effort. Better to fix a problem caused by an interaction between two components in *both* places if possible. How to determine whether or not we're running in a privilege-escalated path is operating system specific. Note that GTK+'s code to check euid versus uid worked historically on Unix, more modern systems have filesystem capabilities and SELinux domain transitions, neither of which are captured by the uid comparison. On Linux/glibc, the way this works is that the kernel sets an AT_SECURE flag in the ELF auxiliary vector, and glibc looks for it on startup. If found, then glibc sets a public-but-undocumented __libc_enable_secure variable which we can use. Unfortunately, while it *previously* worked to check this variable, a combination of newer binutils and RPM break it: http://www.openwall.com/lists/owl-dev/2012/08/14/1 So for now on Linux/glibc, we fall back to the historical Unix version until we get glibc fixed. On some BSD variants, there is a issetugid() function. On other Unix variants, we fall back to what GTK+ has been doing. Reported-by: Sebastian Krahmer <krahmer@suse.de> Signed-off-by: Colin Walters <walters@verbum.org>
Diffstat (limited to 'configure.ac')
-rw-r--r--configure.ac2
1 files changed, 1 insertions, 1 deletions
diff --git a/configure.ac b/configure.ac
index e2c9bdf7..b0f2ec20 100644
--- a/configure.ac
+++ b/configure.ac
@@ -595,7 +595,7 @@ AC_DEFINE_UNQUOTED([DBUS_USE_SYNC], [$have_sync], [Use the gcc __sync extension]
AC_SEARCH_LIBS(socket,[socket network])
AC_CHECK_FUNC(gethostbyname,,[AC_CHECK_LIB(nsl,gethostbyname)])
-AC_CHECK_FUNCS(vsnprintf vasprintf nanosleep usleep setenv clearenv unsetenv socketpair getgrouplist fpathconf setrlimit poll setlocale localeconv strtoll strtoull)
+AC_CHECK_FUNCS(vsnprintf vasprintf nanosleep usleep setenv clearenv unsetenv socketpair getgrouplist fpathconf setrlimit poll setlocale localeconv strtoll strtoull issetugid getresuid)
AC_CHECK_HEADERS([syslog.h])
if test "x$ac_cv_header_syslog_h" = "xyes"; then