From: Geoffrey Thomas Date: Fri, 28 Sep 2012 05:02:06 +0000 (-0700) Subject: activation-helper: Ensure DBUS_STARTER_ADDRESS is set correctly X-Git-Tag: dbus-1.7.0~46 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f68dbdc3e6f895012ce33939fb524accf31bcca5;p=thirdparty%2Fdbus.git activation-helper: Ensure DBUS_STARTER_ADDRESS is set correctly The fix for CVE-2012-3524 filters out all environment variables if libdbus is used from a setuid program, to prevent various spoofing attacks. Unfortunately, the activation helper is a setuid program linking libdbus, and this creates a regression for launched programs using DBUS_STARTER_ADDRESS, since it will no longer exist. Fix this by hardcoding the starter address to the default system bus address. Signed-off-by: Geoffrey Thomas Signed-off-by: Colin Walters --- diff --git a/bus/activation-helper.c b/bus/activation-helper.c index 7864e0fe7..cbc00d2fb 100644 --- a/bus/activation-helper.c +++ b/bus/activation-helper.c @@ -140,15 +140,12 @@ out_all: return desktop_file; } -/* Clears the environment, except for DBUS_STARTER_x */ +/* Clears the environment, except for DBUS_STARTER_x, + * which we hardcode to the system bus. + */ static dbus_bool_t clear_environment (DBusError *error) { - const char *starter_env = NULL; - - /* we save the starter */ - starter_env = _dbus_getenv ("DBUS_STARTER_ADDRESS"); - #ifndef ACTIVATION_LAUNCHER_TEST /* totally clear the environment */ if (!_dbus_clearenv ()) @@ -159,11 +156,8 @@ clear_environment (DBusError *error) } #endif - /* restore the starter */ - if (starter_env) - _dbus_setenv ("DBUS_STARTER_ADDRESS", starter_env); - - /* set the type, which must be system if we got this far */ + /* Ensure the bus is set to system */ + _dbus_setenv ("DBUS_STARTER_ADDRESS", DBUS_SYSTEM_BUS_DEFAULT_ADDRESS); _dbus_setenv ("DBUS_STARTER_BUS_TYPE", "system"); return TRUE;