PolicyKit: Branch 'master'

Mon Jun 6 16:33:58 UTC 2016

src/polkitbackend/polkitd.c |    4 ++++
 src/programs/pkaction.c     |    4 ++++
 src/programs/pkcheck.c      |    4 ++++
 src/programs/pkexec.c       |    3 +++
 src/programs/pkttyagent.c   |    4 ++++
 5 files changed, 19 insertions(+)

New commits:
commit daf3d5c2d15466a267221fcb099c59c870098e03
Author: Philip Withnall <philip.withnall at collabora.co.uk>
Date:   Thu May 19 10:08:08 2016 +0100

    data: Set GIO_USE_VFS=local in the environment
    
    There is no need for polkit to ever use GVFS to load files from
    non-local sources, so it's best to avoid loading GVFS code, and to just
    rely on the local implementation in GIO instead. This reduces the attack
    surface of polkit.
    
    Implemented for the daemon, pkaction, pkcheck, pkexec and pkttyagent,
    because none of them need remote file access.
    
    https://bugs.freedesktop.org/show_bug.cgi?id=95487

diff --git a/src/polkitbackend/polkitd.c b/src/polkitbackend/polkitd.c
index d1527fb..8d54ed7 100644
--- a/src/polkitbackend/polkitd.c
+++ b/src/polkitbackend/polkitd.c
@@ -22,6 +22,7 @@
 #include "config.h"
 
 #include <signal.h>
+#include <stdlib.h>
 
 #include <glib-unix.h>
 
@@ -169,6 +170,9 @@ main (int    argc,
   sigint_id = 0;
   registration_id = NULL;
 
+  /* Disable remote file access from GIO. */
+  setenv ("GIO_USE_VFS", "local", 1);
+
   g_type_init ();
 
   opt_context = g_option_context_new ("polkit system daemon");
diff --git a/src/programs/pkaction.c b/src/programs/pkaction.c
index f17a7dc..221662a 100644
--- a/src/programs/pkaction.c
+++ b/src/programs/pkaction.c
@@ -24,6 +24,7 @@
 #endif
 
 #include <stdio.h>
+#include <stdlib.h>
 #include <glib/gi18n.h>
 #include <polkit/polkit.h>
 
@@ -121,6 +122,9 @@ main (int argc, char *argv[])
   actions = NULL;
   ret = 1;
 
+  /* Disable remote file access from GIO. */
+  setenv ("GIO_USE_VFS", "local", 1);
+
   g_type_init ();
 
   opt_show_version = FALSE;
diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c
index 5781893..33db128 100644
--- a/src/programs/pkcheck.c
+++ b/src/programs/pkcheck.c
@@ -24,6 +24,7 @@
 #endif
 
 #include <stdio.h>
+#include <stdlib.h>
 #include <glib/gi18n.h>
 #include <polkit/polkit.h>
 #define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE
@@ -362,6 +363,9 @@ main (int argc, char *argv[])
   local_agent_handle = NULL;
   ret = 126;
 
+  /* Disable remote file access from GIO. */
+  setenv ("GIO_USE_VFS", "local", 1);
+
   g_type_init ();
 
   details = polkit_details_new ();
diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c
index 50de92c..3b29b24 100644
--- a/src/programs/pkexec.c
+++ b/src/programs/pkexec.c
@@ -503,6 +503,9 @@ main (int argc, char *argv[])
   opt_user = NULL;
   local_agent_handle = NULL;
 
+  /* Disable remote file access from GIO. */
+  setenv ("GIO_USE_VFS", "local", 1);
+
   /* check for correct invocation */
   if (geteuid () != 0)
     {
diff --git a/src/programs/pkttyagent.c b/src/programs/pkttyagent.c
index 423b728..8aac7dd 100644
--- a/src/programs/pkttyagent.c
+++ b/src/programs/pkttyagent.c
@@ -24,6 +24,7 @@
 #endif
 
 #include <stdio.h>
+#include <stdlib.h>
 #include <glib/gi18n.h>
 #include <polkit/polkit.h>
 #define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE
@@ -74,6 +75,9 @@ main (int argc, char *argv[])
   guint ret = 126;
   GVariantBuilder builder;
 
+  /* Disable remote file access from GIO. */
+  setenv ("GIO_USE_VFS", "local", 1);
+
   g_type_init ();
 
   error = NULL;
