From 424ea43022b194822834d8cd9dab4bba1a03532e Mon Sep 17 00:00:00 2001 From: Geoffrey Thomas Date: Thu, 27 Sep 2012 22:02:06 -0700 Subject: [PATCH] activation-helper: Bypass _dbus_getenv filtering by using getenv The fix for CVE-2012-3524 filters out all environment variables if libdbus is used from a setuid program, to prevent various spoofing attacks. Unfortunately, the activation helper is a setuid program linking libdbus. Since it does its own environment filtering, and specifically needs some environment variables, it should just use getenv directly. This fixes a regression in environments using the activation helper (dbus-daemon-launch-helper): daemons launched through the activation helper that ask for their starter bus are no longer able to find it, since DBUS_STARTER_ADDRESS is unset for them. Signed-off-by: Geoffrey Thomas --- bus/activation-helper.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bus/activation-helper.c b/bus/activation-helper.c index ab9d601..f219d64 100644 --- a/bus/activation-helper.c +++ b/bus/activation-helper.c @@ -149,11 +149,11 @@ clear_environment (DBusError *error) const char *debug_env = NULL; /* are we debugging */ - debug_env = _dbus_getenv ("DBUS_VERBOSE"); + debug_env = getenv ("DBUS_VERBOSE"); #endif /* we save the starter */ - starter_env = _dbus_getenv ("DBUS_STARTER_ADDRESS"); + starter_env = getenv ("DBUS_STARTER_ADDRESS"); #ifndef ACTIVATION_LAUNCHER_TEST /* totally clear the environment */ -- 1.7.10.4