Fix sandbox escape in GDBusServer (!3005) · Merge requests · GNOME / GLib

msizanoen1 requested to merge msizanoen1/glib:gdbus-server-no-abstract-tmpdir into main Oct 21, 2022

This implements https://gitlab.freedesktop.org/dbus/dbus/-/merge_requests/350 for GDBus's server implementation.

Abstract sockets belong to the network namespace instead of the mount namespace. As a result, mount namespace-based sandboxes (e.g. Flatpak) cannot restrict access to abstract sockets (and therefore GDBus's unix:tmpdir= server addresses) at least for applications with network access permission, which may result in sandbox escapes unless the application running the GDBus server explicitly check that the connecting process is not in a sandbox. As of the time of writing, no known applications using GDBusServer does this.

Fix this by always using non-abstract sockets for unix:tmpdir=, which is allowed by the DBus specification.

Edited Oct 21, 2022 by msizanoen1

Fix sandbox escape in GDBusServer

Merge request reports