Commit 20387ee6 authored by Philip Withnall's avatar Philip Withnall
Browse files

gsettingsschema: Ignore GSETTINGS_SCHEMA_DIR when running setuid



As with previous commits, this could have been used to load private data
for an unprivileged caller.
Signed-off-by: Philip Withnall's avatarPhilip Withnall <pwithnall@endlessos.org>

Helps: #2168
parent 55233b6e
......@@ -18,6 +18,7 @@
#include "config.h"
#include "glib-private.h"
#include "gsettingsschema-internal.h"
#include "gsettings.h"
......@@ -343,6 +344,7 @@ initialise_schema_sources (void)
*/
if G_UNLIKELY (g_once_init_enter (&initialised))
{
gboolean is_setuid = GLIB_PRIVATE_CALL (g_check_setuid) ();
const gchar * const *dirs;
const gchar *path;
gchar **extra_schema_dirs;
......@@ -357,7 +359,9 @@ initialise_schema_sources (void)
try_prepend_data_dir (g_get_user_data_dir ());
if ((path = g_getenv ("GSETTINGS_SCHEMA_DIR")) != NULL)
/* Disallow loading extra schemas if running as setuid, as that could
* allow reading privileged files. */
if (!is_setuid && (path = g_getenv ("GSETTINGS_SCHEMA_DIR")) != NULL)
{
extra_schema_dirs = g_strsplit (path, G_SEARCHPATH_SEPARATOR_S, 0);
for (i = 0; extra_schema_dirs[i]; i++);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment