[Spice-devel] [spice-gtk] usb-acl-helper: Clear environment

Christophe Fergeau cfergeau at redhat.com
Fri Sep 14 02:39:50 PDT 2012


From: Colin Walters <walters at verbum.org>

Otherwise we can be subject to attack via environment variables such
as DBUS_SYSTEM_BUS_ADDRESS.
This addresses CVE-2012-4425 http://seclists.org/oss-sec/2012/q3/470
---
 configure.ac                           |  2 ++
 gtk/spice-client-glib-usb-acl-helper.c | 24 +++++++++++++++++++++++-
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index 4a220d1..c7367cc 100644
--- a/configure.ac
+++ b/configure.ac
@@ -244,6 +244,8 @@ else
         EXTERNAL_PNP_IDS="$with_pnp_ids_path"
 fi
 
+AC_CHECK_FUNCS(clearenv)
+
 PKG_CHECK_MODULES(GLIB2, glib-2.0 >= 2.22)
 AC_SUBST(GLIB2_CFLAGS)
 AC_SUBST(GLIB2_LIBS)
diff --git a/gtk/spice-client-glib-usb-acl-helper.c b/gtk/spice-client-glib-usb-acl-helper.c
index 724d62a..93b9b3a 100644
--- a/gtk/spice-client-glib-usb-acl-helper.c
+++ b/gtk/spice-client-glib-usb-acl-helper.c
@@ -158,7 +158,8 @@ static void cleanup(void)
     if (state == STATE_WAITING_FOR_STDIN_EOF)
         set_facl(path, getuid(), 0);
 
-    g_main_loop_quit(loop);
+    if (loop)
+        g_main_loop_quit(loop);
 }
 
 /* Not available in polkit < 0.101 */
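Review bot: The new `if (loop)` guard in cleanup() does not say when `loop` can be NULL, which a reader needs to know to trust that the guard is not masking a bug. Presumably it covers cleanup() being reached from the early clearenv() failure in main(), before `g_main_loop_new()` has run; FATAL_ERROR's definition is not in this diff, so that is an inference. A one-line comment above the guard would record it: `/* loop is NULL if we fail before main() creates it */`. cleanup() starts above the hunk.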
@@ -311,11 +312,32 @@ polkit_authority_get_sync (GCancellable *cancellable, GError **error)
 }
 #endif
 
+#ifndef HAVE_CLEARENV
+extern char **environ;
+
+static int
+clearenv (void)
+{
+        if (environ != NULL)
+                environ[0] = NULL;
+        return 0;
+}
+#endif
+
 int main(void)
 {
     pid_t parent_pid;
     GInputStream *stdin_unix_stream;
 
+  /* Nuke the environment to get a well-known and sanitized
+   * environment to avoid attacks via e.g. the DBUS_SYSTEM_BUS_ADDRESS
+   * environment variable and similar.
+   */
+    if (clearenv () != 0) {
+        FATAL_ERROR("Error clearing environment: %s\n", g_strerror (errno));
+        return 1;
+    }
+
     g_type_init();
 
     loop = g_main_loop_new(NULL, FALSE);
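Review bot: The failure branch in main() formats `g_strerror (errno)`, but clearenv() is only documented to return nonzero on failure, not to set errno, so the message may name an unrelated error. The fallback `clearenv` defined under `#ifndef HAVE_CLEARENV` always returns 0, so this branch is reachable only with the libc implementation. I would drop the errno text: `FATAL_ERROR("Error clearing environment\n");`. The comment above the call is also indented two spaces where the rest of main() uses four. main() continues past the end of the hunk.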
-- 
1.7.11.4


