diff options
Diffstat (limited to 'source/l/polkit/0005-data-Set-GIO_USE_VFS-local-in-the-environment.patch')
| -rw-r--r-- | source/l/polkit/0005-data-Set-GIO_USE_VFS-local-in-the-environment.patch | 127 |
1 files changed, 0 insertions, 127 deletions
diff --git a/source/l/polkit/0005-data-Set-GIO_USE_VFS-local-in-the-environment.patch b/source/l/polkit/0005-data-Set-GIO_USE_VFS-local-in-the-environment.patch deleted file mode 100644 index b5d8ae0f..00000000 --- a/source/l/polkit/0005-data-Set-GIO_USE_VFS-local-in-the-environment.patch +++ /dev/null @@ -1,127 +0,0 @@ -From daf3d5c2d15466a267221fcb099c59c870098e03 Mon Sep 17 00:00:00 2001 -From: Philip Withnall <philip.withnall@collabora.co.uk> -Date: Thu, 19 May 2016 10:08:08 +0100 -Subject: [PATCH 05/16] data: Set GIO_USE_VFS=local in the environment - -There is no need for polkit to ever use GVFS to load files from -non-local sources, so it's best to avoid loading GVFS code, and to just -rely on the local implementation in GIO instead. This reduces the attack -surface of polkit. - -Implemented for the daemon, pkaction, pkcheck, pkexec and pkttyagent, -because none of them need remote file access. - -https://bugs.freedesktop.org/show_bug.cgi?id=95487 ---- - src/polkitbackend/polkitd.c | 4 ++++ - src/programs/pkaction.c | 4 ++++ - src/programs/pkcheck.c | 4 ++++ - src/programs/pkexec.c | 3 +++ - src/programs/pkttyagent.c | 4 ++++ - 5 files changed, 19 insertions(+) - -diff --git a/src/polkitbackend/polkitd.c b/src/polkitbackend/polkitd.c -index d1527fb..8d54ed7 100644 ---- a/src/polkitbackend/polkitd.c -+++ b/src/polkitbackend/polkitd.c -@@ -22,6 +22,7 @@ - #include "config.h" - - #include <signal.h> -+#include <stdlib.h> - - #include <glib-unix.h> - -@@ -169,6 +170,9 @@ main (int argc, - sigint_id = 0; - registration_id = NULL; - -+ /* Disable remote file access from GIO. */ -+ setenv ("GIO_USE_VFS", "local", 1); -+ - g_type_init (); - - opt_context = g_option_context_new ("polkit system daemon"); -diff --git a/src/programs/pkaction.c b/src/programs/pkaction.c -index f17a7dc..221662a 100644 ---- a/src/programs/pkaction.c -+++ b/src/programs/pkaction.c -@@ -24,6 +24,7 @@ - #endif - - #include <stdio.h> -+#include <stdlib.h> - #include <glib/gi18n.h> - #include <polkit/polkit.h> - -@@ -121,6 +122,9 @@ main (int argc, char *argv[]) - actions = NULL; - ret = 1; - -+ /* Disable remote file access from GIO. */ -+ setenv ("GIO_USE_VFS", "local", 1); -+ - g_type_init (); - - opt_show_version = FALSE; -diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c -index 5781893..33db128 100644 ---- a/src/programs/pkcheck.c -+++ b/src/programs/pkcheck.c -@@ -24,6 +24,7 @@ - #endif - - #include <stdio.h> -+#include <stdlib.h> - #include <glib/gi18n.h> - #include <polkit/polkit.h> - #define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE -@@ -362,6 +363,9 @@ main (int argc, char *argv[]) - local_agent_handle = NULL; - ret = 126; - -+ /* Disable remote file access from GIO. */ -+ setenv ("GIO_USE_VFS", "local", 1); -+ - g_type_init (); - - details = polkit_details_new (); -diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c -index 50de92c..3b29b24 100644 ---- a/src/programs/pkexec.c -+++ b/src/programs/pkexec.c -@@ -503,6 +503,9 @@ main (int argc, char *argv[]) - opt_user = NULL; - local_agent_handle = NULL; - -+ /* Disable remote file access from GIO. */ -+ setenv ("GIO_USE_VFS", "local", 1); -+ - /* check for correct invocation */ - if (geteuid () != 0) - { -diff --git a/src/programs/pkttyagent.c b/src/programs/pkttyagent.c -index 423b728..8aac7dd 100644 ---- a/src/programs/pkttyagent.c -+++ b/src/programs/pkttyagent.c -@@ -24,6 +24,7 @@ - #endif - - #include <stdio.h> -+#include <stdlib.h> - #include <glib/gi18n.h> - #include <polkit/polkit.h> - #define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE -@@ -74,6 +75,9 @@ main (int argc, char *argv[]) - guint ret = 126; - GVariantBuilder builder; - -+ /* Disable remote file access from GIO. */ -+ setenv ("GIO_USE_VFS", "local", 1); -+ - g_type_init (); - - error = NULL; --- -2.13.0 - |