gvfsdaemon: Check that the connecting client is the same user (e3808a1b) · Commits · GNOME / gvfs · GitLab

Commit e3808a1b authored Jun 05, 2019 by Simon McVittie Committed by Ondrej Holy Jun 06, 2019

gvfsdaemon: Check that the connecting client is the same user



Otherwise, an attacker who learns the abstract socket address from
netstat(8) or similar could connect to it and issue D-Bus method
calls.

Signed-off-by: Simon McVittie <smcv@collabora.com>

parent bed1e968

Hide whitespace changes

Inline Side-by-side

Simon McVittie @smcv · Jun 11, 2019

Author Developer

CVE-2019-12795 has been assigned for the vulnerability fixed by this commit.

CVE-2019-12795 has been assigned for the vulnerability fixed by this commit.

Please register or to comment