Package: policykit-1 / 0.105-15~deb8u2

0.113/pkexec-Work-around-systemd-injecting-broken-XDG_RUNT.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
From: Colin Walters <walters@verbum.org>
Date: Thu, 21 Nov 2013 17:39:37 -0500
Subject: pkexec: Work around systemd injecting broken XDG_RUNTIME_DIR

This workaround isn't too much code, and it's often better to fix bugs
in two places anyways.

For more information:

See https://bugzilla.redhat.com/show_bug.cgi?id=753882
See http://lists.freedesktop.org/archives/systemd-devel/2013-November/014370.html

Origin: upstream, 0.113, commit:8635ffc16aeff6a07d675f861fe0dea03ea81d7e
---
 src/programs/pkexec.c | 33 ++++++++++++++++++++++++++++++---
 1 file changed, 30 insertions(+), 3 deletions(-)

diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c
index 9a0570a..5e99044 100644
--- a/src/programs/pkexec.c
+++ b/src/programs/pkexec.c
@@ -139,8 +139,22 @@ pam_conversation_function (int n,
   return PAM_CONV_ERR;
 }
 
+/* A work around for:
+ * https://bugzilla.redhat.com/show_bug.cgi?id=753882
+ */
+static gboolean
+xdg_runtime_dir_is_owned_by (const char *path,
+			     uid_t       target_uid)
+{
+  struct stat stbuf;
+
+  return stat (path, &stbuf) == 0 &&
+    stbuf.st_uid == target_uid;
+}
+
 static gboolean
-open_session (const gchar *user_to_auth)
+open_session (const gchar *user_to_auth,
+	      uid_t        target_uid)
 {
   gboolean ret;
   gint rc;
@@ -182,7 +196,19 @@ open_session (const gchar *user_to_auth)
     {
       guint n;
       for (n = 0; envlist[n]; n++)
-        putenv (envlist[n]);
+	{
+	  const char *envitem = envlist[n];
+	  
+	  if (g_str_has_prefix (envitem, "XDG_RUNTIME_DIR="))
+	    {
+	      const char *eq = strchr (envitem, '=');
+	      g_assert (eq);
+	      if (!xdg_runtime_dir_is_owned_by (eq + 1, target_uid))
+		continue;
+	    }
+
+	  putenv (envlist[n]);
+	}
       free (envlist);
     }
 
@@ -892,7 +918,8 @@ main (int argc, char *argv[])
    * As evident above, neither su(1) (and, for that matter, nor sudo(8)) does this.
    */
 #ifdef POLKIT_AUTHFW_PAM
-  if (!open_session (pw->pw_name))
+  if (!open_session (pw->pw_name,
+		     pw->pw_uid))
     {
       goto out;
     }