Blame SOURCES/polkit-0.112-XDG_RUNTIME_DIR.patch

51ea8e
From 8635ffc16aeff6a07d675f861fe0dea03ea81d7e Mon Sep 17 00:00:00 2001
51ea8e
From: Colin Walters <walters@verbum.org>
51ea8e
Date: Thu, 21 Nov 2013 17:39:37 -0500
51ea8e
Subject: [PATCH] pkexec: Work around systemd injecting broken XDG_RUNTIME_DIR
51ea8e
51ea8e
This workaround isn't too much code, and it's often better to fix bugs
51ea8e
in two places anyways.
51ea8e
51ea8e
For more information:
51ea8e
51ea8e
See https://bugzilla.redhat.com/show_bug.cgi?id=753882
51ea8e
See http://lists.freedesktop.org/archives/systemd-devel/2013-November/014370.html
51ea8e
---
51ea8e
 src/programs/pkexec.c | 33 ++++++++++++++++++++++++++++++---
51ea8e
 1 file changed, 30 insertions(+), 3 deletions(-)
51ea8e
51ea8e
diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c
51ea8e
index 005e1fe..a7ca8e0 100644
51ea8e
--- a/src/programs/pkexec.c
51ea8e
+++ b/src/programs/pkexec.c
51ea8e
@@ -143,8 +143,22 @@ pam_conversation_function (int n,
51ea8e
   return PAM_CONV_ERR;
51ea8e
 }
51ea8e
 
51ea8e
+/* A work around for:
51ea8e
+ * https://bugzilla.redhat.com/show_bug.cgi?id=753882
51ea8e
+ */
51ea8e
+static gboolean
51ea8e
+xdg_runtime_dir_is_owned_by (const char *path,
51ea8e
+			     uid_t       target_uid)
51ea8e
+{
51ea8e
+  struct stat stbuf;
51ea8e
+
51ea8e
+  return stat (path, &stbuf) == 0 &&
51ea8e
+    stbuf.st_uid == target_uid;
51ea8e
+}
51ea8e
+
51ea8e
 static gboolean
51ea8e
-open_session (const gchar *user_to_auth)
51ea8e
+open_session (const gchar *user_to_auth,
51ea8e
+	      uid_t        target_uid)
51ea8e
 {
51ea8e
   gboolean ret;
51ea8e
   gint rc;
51ea8e
@@ -186,7 +200,19 @@ open_session (const gchar *user_to_auth)
51ea8e
     {
51ea8e
       guint n;
51ea8e
       for (n = 0; envlist[n]; n++)
51ea8e
-        putenv (envlist[n]);
51ea8e
+	{
51ea8e
+	  const char *envitem = envlist[n];
51ea8e
+	  
51ea8e
+	  if (g_str_has_prefix (envitem, "XDG_RUNTIME_DIR="))
51ea8e
+	    {
51ea8e
+	      const char *eq = strchr (envitem, '=');
51ea8e
+	      g_assert (eq);
51ea8e
+	      if (!xdg_runtime_dir_is_owned_by (eq + 1, target_uid))
51ea8e
+		continue;
51ea8e
+	    }
51ea8e
+
51ea8e
+	  putenv (envlist[n]);
51ea8e
+	}
51ea8e
       free (envlist);
51ea8e
     }
51ea8e
 
51ea8e
@@ -913,7 +939,8 @@ main (int argc, char *argv[])
51ea8e
    * As evident above, neither su(1) (and, for that matter, nor sudo(8)) does this.
51ea8e
    */
51ea8e
 #ifdef POLKIT_AUTHFW_PAM
51ea8e
-  if (!open_session (pw->pw_name))
51ea8e
+  if (!open_session (pw->pw_name,
51ea8e
+		     pw->pw_uid))
51ea8e
     {
51ea8e
       goto out;
51ea8e
     }
51ea8e
-- 
51ea8e
1.8.3.1
51ea8e