1. 13 Sep, 2012 1 commit
    • CVE-2012-3524: Hardening for being run in a setuid environment · d6cbb29f
      Colin Walters authored
      Some programs attempt to use libglib (or even libgio) when setuid.
      For a long time, GTK+ simply aborted if launched in this
      configuration, but we never had a real policy for GLib.
      
      I'm not sure whether we should advertise such support.  However, given
      that there are real-world programs that do this currently, we can make
      them safer with not too much effort.
      
      Better to fix a problem caused by an interaction between two
      components in *both* places if possible.
      
      This patch adds a private function g_check_setuid() which is used to
      first ensure we don't run an external dbus-launch binary if
      DBUS_SESSION_BUS_ADDRESS isn't set.
      
      Second, we also ensure the local VFS is used in this case.  The
      gdaemonvfs extension point will end up talking to the session bus
      which is typically undesirable in a setuid context.
      
      Implementing g_check_setuid() is interesting - whether or not we're
      running in a privilege-escalated path is operating system specific.
      Note that GTK+'s code to check euid versus uid worked historically on
      Unix, more modern systems have filesystem capabilities and SELinux
      domain transitions, neither of which are captured by the uid
      comparison.
      
      On Linux/glibc, the way this works is that the kernel sets an
      AT_SECURE flag in the ELF auxiliary vector, and glibc looks for it on
      startup.  If found, then glibc sets a public-but-undocumented
      __libc_enable_secure variable which we can use.  Unfortunately, while
      it *previously* worked to check this variable, a combination of newer
      binutils and RPM break it:
      http://www.openwall.com/lists/owl-dev/2012/08/14/1
      
      So for now on Linux/glibc, we fall back to the historical Unix version
      until we get glibc fixed.
      
      On some BSD variants, there is an issetugid() function.  On other Unix
      variants, we fall back to what GTK+ has been doing.
      Reported-By: Sebastian Krahmer <krahmer@suse.de>
      Signed-off-by: Colin Walters <walters@verbum.org>
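The detection layers the commit message above describes, as an added example that is not GLib's g_check_setuid() or any code from this commit: it reads AT_SECURE with getauxval() on Linux, uses issetugid() on BSD-style systems, and otherwise falls back to the uid/gid comparison. The names ids_differ, running_privileged and may_autolaunch_bus are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>
#if defined(__linux__)
#include <sys/auxv.h>            /* getauxval(), AT_SECURE (glibc >= 2.16) */
#endif

/* Historical Unix test: real and effective ids differ (hypothetical helper). */
static int ids_differ(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Hypothetical helper: nonzero if this process gained privilege at exec time. */
static int running_privileged(void)
{
#if defined(__linux__)
    /* AT_SECURE is set by the kernel for setuid/setgid binaries, file
     * capabilities and LSM-triggered transitions, which uid checks miss. */
    if (getauxval(AT_SECURE) != 0)
        return 1;
#elif defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__) || defined(__APPLE__)
    if (issetugid())
        return 1;
#endif
    return ids_differ(getuid(), geteuid(), getgid(), getegid());
}

/* Policy from the commit message: with no DBUS_SESSION_BUS_ADDRESS, a
 * privileged process must not spawn an external helper to find the bus. */
static int may_autolaunch_bus(int privileged, const char *bus_addr)
{
    if (bus_addr != NULL && bus_addr[0] != '\0')
        return 0;                /* address already known: nothing to launch */
    return !privileged;
}

int main(void)
{
    int priv = running_privileged();
    const char *addr = getenv("DBUS_SESSION_BUS_ADDRESS");

    printf("privileged=%d autolaunch_allowed=%d\n",
           priv, may_autolaunch_bus(priv, addr));
    return 0;
}
```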
  2. 16 Jul, 2012 2 commits
  3. 22 May, 2012 2 commits
  4. 15 Feb, 2012 1 commit
    • Plug a mem leak in g_environ_unsetenv · 26f238e8
      Christian Persch authored
      And clarify the memory allocation requirement of the string arrays passed to
      g_environ_{,un}setenv().
      
      ==9458== 10 bytes in 1 blocks are definitely lost in loss record 16 of 39
      ==9458==    at 0x402AD89: malloc (vg_replace_malloc.c:236)
      ==9458==    by 0x4221A1F: vasprintf (vasprintf.c:78)
      ==9458==    by 0x40C6065: g_vasprintf (gprintf.c:314)
      ==9458==    by 0x409D894: g_strdup_vprintf (gstrfuncs.c:509)
      ==9458==    by 0x409D8C9: g_strdup_printf (gstrfuncs.c:535)
      ==9458==    by 0x40672E9: g_environ_setenv (genviron.c:156)
      ==9458==    by 0x80490E7: test_environ_array (environment.c:78)
      ==9458==    by 0x40A3DB5: test_case_run (gtestutils.c:1662)
      ==9458==    by 0x40A40B2: g_test_run_suite_internal (gtestutils.c:1715)
      ==9458==    by 0x40A417C: g_test_run_suite_internal (gtestutils.c:1726)
      ==9458==    by 0x40A42F9: g_test_run_suite (gtestutils.c:1771)
      ==9458==    by 0x40A3441: g_test_run (gtestutils.c:1319)
      ==9458==    by 0x80493F1: main (environment.c:108)
      
      Bug #669412.
  5. 05 Feb, 2012 2 commits
    • Revert "Plug a mem leak in g_environ_unsetenv" · 7e9aed94
      Christian Persch authored
      This reverts commit 2f4b46e3, which was
      pushed accidentally.
    • Plug a mem leak in g_environ_unsetenv · 2f4b46e3
      Christian Persch authored
      ==9458== 10 bytes in 1 blocks are definitely lost in loss record 16 of 39
      ==9458==    at 0x402AD89: malloc (vg_replace_malloc.c:236)
      ==9458==    by 0x4221A1F: vasprintf (vasprintf.c:78)
      ==9458==    by 0x40C6065: g_vasprintf (gprintf.c:314)
      ==9458==    by 0x409D894: g_strdup_vprintf (gstrfuncs.c:509)
      ==9458==    by 0x409D8C9: g_strdup_printf (gstrfuncs.c:535)
      ==9458==    by 0x40672E9: g_environ_setenv (genviron.c:156)
      ==9458==    by 0x80490E7: test_environ_array (environment.c:78)
      ==9458==    by 0x40A3DB5: test_case_run (gtestutils.c:1662)
      ==9458==    by 0x40A40B2: g_test_run_suite_internal (gtestutils.c:1715)
      ==9458==    by 0x40A417C: g_test_run_suite_internal (gtestutils.c:1726)
      ==9458==    by 0x40A42F9: g_test_run_suite (gtestutils.c:1771)
      ==9458==    by 0x40A3441: g_test_run (gtestutils.c:1319)
      ==9458==    by 0x80493F1: main (environment.c:108)
      
      Bug #669412.
  6. 17 Oct, 2011 4 commits
    • GLib: Add forgotten includes and build fixes · b25177fc
      Chun-wei Fan authored
      -gcharset.c, genviron.c, gunicollate.c: Some headers were missed in those
       files that triggered C4013 warnings/errors (aka. implicit declaration
       of ... in GCC).  Make up for them here.
      -gwin32.h: Only define g_win32_get_package_installation_directory/
       g_win32_get_package_installation_subdirectory as macros
       (alias of g_win32_get_package_installation_directory_utf8/
       g_win32_get_package_installation_subdirectory_utf8) on Win64 (x64) as
       g_win32_get_package_installation_directory/
       g_win32_get_package_installation_subdirectory have separate existing
       implementations for Win32-this is a long-standing problem but was covered-
       up by G_DISABLE_DEPRECATED, which we are stopping to use as of 2.31.0.
    • Trivial · f8a74713
      Matthias Clasen authored
    • Reshuffle genviron.c · fbe24cab
      Matthias Clasen authored
      Split win32 functions off into their own section, instead
      of having large and unwieldy ifdef sections inside each function.
      
      Also move the compat versions of env functions over from gutils.c
    • genviron: #include fixups · 1b018a8b
      Allison Karlitskaya authored
  7. 15 Oct, 2011 1 commit