From 424ea43022b194822834d8cd9dab4bba1a03532e Mon Sep 17 00:00:00 2001
From: Geoffrey Thomas <gthomas@mokafive.com>
Date: Thu, 27 Sep 2012 22:02:06 -0700
Subject: [PATCH] activation-helper: Bypass _dbus_getenv filtering by using
 getenv

The fix for CVE-2012-3524 filters out all environment variables if
libdbus is used from a setuid program, to prevent various spoofing
attacks. Unfortunately, the activation helper is a setuid program
linking libdbus. Since it does its own environment filtering, and
specifically needs some environment variables, it should just use getenv
directly.

This fixes a regression in environments using the activation helper
(dbus-daemon-launch-helper): daemons launched through the activation
helper that ask for their starter bus are no longer able to find it,
since DBUS_STARTER_ADDRESS is unset for them.

Signed-off-by: Geoffrey Thomas <gthomas@mokafive.com>
---
 bus/activation-helper.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/bus/activation-helper.c b/bus/activation-helper.c
index ab9d601..f219d64 100644
--- a/bus/activation-helper.c
+++ b/bus/activation-helper.c
@@ -149,11 +149,11 @@ clear_environment (DBusError *error)
   const char *debug_env = NULL;
 
   /* are we debugging */
-  debug_env = _dbus_getenv ("DBUS_VERBOSE");
+  debug_env = getenv ("DBUS_VERBOSE");
 #endif
 
   /* we save the starter */
-  starter_env = _dbus_getenv ("DBUS_STARTER_ADDRESS");
+  starter_env = getenv ("DBUS_STARTER_ADDRESS");
 
 #ifndef ACTIVATION_LAUNCHER_TEST
   /* totally clear the environment */
-- 
1.7.10.4