DBus methods allow reading of any file on the system
As part of packaging sysprof 3.34.0 for openSUSE, our security team audited sysprof, since it contained new DBus and PolicyKit service files. They were concerned that the GetProcFile and GetProcFd methods potentially allow any file on the system to be read (i.e., through /proc/1/root/), since they perform no checking of the filename beyond checking that it has a prefix of /proc or /sys. The call to g_file_get_path does not remove symlinks, so it does not check for this. One option would be to add a helper function to check the path and whitelist directories under /proc/sys. But it appears that these methods are only used to read /proc/mounts, /proc/kallsyms, and files under /sys/devices/system/cpu, and all of these files are world-readable, so I wonder whether the work done by these functions couldn't be done simply by calling, i.e., g_file_get_contents, without needing to ask for permissions and make IPC calls. Either way, I could work on a patch but wanted to ask for the opinion of a maintainer first.
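The difference between a prefix-only path check and one that resolves symlinks first, as an added example that is not sysprof's code and not part of the original report. It uses plain POSIX `realpath()` rather than GLib; the function names are hypothetical, and a constructed temporary directory stands in for /proc, with a `root` symlink pointing at `/` in the way /proc/1/root does.

```c
#define _DEFAULT_SOURCE 1
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Prefix-only test, the pattern the report describes: symlinks are not resolved. */
bool prefix_only_allows(const char *path, const char *dir)
{
    return strncmp(path, dir, strlen(dir)) == 0;
}

/* Resolve symlinks and ".." in both paths with realpath(), then require the
 * result to be dir itself or a descendant (match must end on a '/' boundary). */
bool resolved_allows(const char *path, const char *dir)
{
    char rp[PATH_MAX], rd[PATH_MAX];
    if (!realpath(dir, rd) || !realpath(path, rp))
        return false;                      /* missing or unresolvable: deny */
    size_t n = strlen(rd);
    return strncmp(rp, rd, n) == 0 && (rp[n] == '/' || rp[n] == '\0');
}

/* Constructed fixture: a temp dir standing in for /proc, holding a file "mounts"
 * and a symlink "root" -> "/". tmpl must end in XXXXXX. Returns 0 on success. */
int make_fixture(char *tmpl)
{
    char p[PATH_MAX];
    if (!mkdtemp(tmpl)) return -1;
    snprintf(p, sizeof p, "%s/mounts", tmpl);
    FILE *f = fopen(p, "w");
    if (!f) return -1;
    fclose(f);
    snprintf(p, sizeof p, "%s/root", tmpl);
    return symlink("/", p);
}

int main(void)
{
    char dir[] = "/tmp/procdemo-XXXXXX", in[PATH_MAX], out[PATH_MAX];
    if (make_fixture(dir) != 0) return 1;
    snprintf(in, sizeof in, "%s/mounts", dir);
    snprintf(out, sizeof out, "%s/root/tmp", dir);  /* resolves to /tmp */
    printf("inside: prefix=%d resolved=%d\n", prefix_only_allows(in, dir), resolved_allows(in, dir));
    printf("escape: prefix=%d resolved=%d\n", prefix_only_allows(out, dir), resolved_allows(out, dir));
    return 0;
}
```

Resolving a path and then opening it is still racy if the path can change between the check and the open; opening the file first and validating the resolved path of the descriptor closes that window.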