summaryrefslogtreecommitdiff
path: root/source/l/polkit/0005-data-Set-GIO_USE_VFS-local-in-the-environment.patch
diff options
context:
space:
mode:
Diffstat (limited to 'source/l/polkit/0005-data-Set-GIO_USE_VFS-local-in-the-environment.patch')
-rw-r--r--source/l/polkit/0005-data-Set-GIO_USE_VFS-local-in-the-environment.patch127
1 files changed, 0 insertions, 127 deletions
diff --git a/source/l/polkit/0005-data-Set-GIO_USE_VFS-local-in-the-environment.patch b/source/l/polkit/0005-data-Set-GIO_USE_VFS-local-in-the-environment.patch
deleted file mode 100644
index b5d8ae0f..00000000
--- a/source/l/polkit/0005-data-Set-GIO_USE_VFS-local-in-the-environment.patch
+++ /dev/null
@@ -1,127 +0,0 @@
-From daf3d5c2d15466a267221fcb099c59c870098e03 Mon Sep 17 00:00:00 2001
-From: Philip Withnall <philip.withnall@collabora.co.uk>
-Date: Thu, 19 May 2016 10:08:08 +0100
-Subject: [PATCH 05/16] data: Set GIO_USE_VFS=local in the environment
-
-There is no need for polkit to ever use GVFS to load files from
-non-local sources, so it's best to avoid loading GVFS code, and to just
-rely on the local implementation in GIO instead. This reduces the attack
-surface of polkit.
-
-Implemented for the daemon, pkaction, pkcheck, pkexec and pkttyagent,
-because none of them need remote file access.
-
-https://bugs.freedesktop.org/show_bug.cgi?id=95487
----
- src/polkitbackend/polkitd.c | 4 ++++
- src/programs/pkaction.c | 4 ++++
- src/programs/pkcheck.c | 4 ++++
- src/programs/pkexec.c | 3 +++
- src/programs/pkttyagent.c | 4 ++++
- 5 files changed, 19 insertions(+)
-
-diff --git a/src/polkitbackend/polkitd.c b/src/polkitbackend/polkitd.c
-index d1527fb..8d54ed7 100644
---- a/src/polkitbackend/polkitd.c
-+++ b/src/polkitbackend/polkitd.c
-@@ -22,6 +22,7 @@
- #include "config.h"
-
- #include <signal.h>
-+#include <stdlib.h>
-
- #include <glib-unix.h>
-
-@@ -169,6 +170,9 @@ main (int argc,
- sigint_id = 0;
- registration_id = NULL;
-
-+ /* Disable remote file access from GIO. */
-+ setenv ("GIO_USE_VFS", "local", 1);
-+
- g_type_init ();
-
- opt_context = g_option_context_new ("polkit system daemon");
-diff --git a/src/programs/pkaction.c b/src/programs/pkaction.c
-index f17a7dc..221662a 100644
---- a/src/programs/pkaction.c
-+++ b/src/programs/pkaction.c
-@@ -24,6 +24,7 @@
- #endif
-
- #include <stdio.h>
-+#include <stdlib.h>
- #include <glib/gi18n.h>
- #include <polkit/polkit.h>
-
-@@ -121,6 +122,9 @@ main (int argc, char *argv[])
- actions = NULL;
- ret = 1;
-
-+ /* Disable remote file access from GIO. */
-+ setenv ("GIO_USE_VFS", "local", 1);
-+
- g_type_init ();
-
- opt_show_version = FALSE;
-diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c
-index 5781893..33db128 100644
---- a/src/programs/pkcheck.c
-+++ b/src/programs/pkcheck.c
-@@ -24,6 +24,7 @@
- #endif
-
- #include <stdio.h>
-+#include <stdlib.h>
- #include <glib/gi18n.h>
- #include <polkit/polkit.h>
- #define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE
-@@ -362,6 +363,9 @@ main (int argc, char *argv[])
- local_agent_handle = NULL;
- ret = 126;
-
-+ /* Disable remote file access from GIO. */
-+ setenv ("GIO_USE_VFS", "local", 1);
-+
- g_type_init ();
-
- details = polkit_details_new ();
-diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c
-index 50de92c..3b29b24 100644
---- a/src/programs/pkexec.c
-+++ b/src/programs/pkexec.c
-@@ -503,6 +503,9 @@ main (int argc, char *argv[])
- opt_user = NULL;
- local_agent_handle = NULL;
-
-+ /* Disable remote file access from GIO. */
-+ setenv ("GIO_USE_VFS", "local", 1);
-+
- /* check for correct invocation */
- if (geteuid () != 0)
- {
-diff --git a/src/programs/pkttyagent.c b/src/programs/pkttyagent.c
-index 423b728..8aac7dd 100644
---- a/src/programs/pkttyagent.c
-+++ b/src/programs/pkttyagent.c
-@@ -24,6 +24,7 @@
- #endif
-
- #include <stdio.h>
-+#include <stdlib.h>
- #include <glib/gi18n.h>
- #include <polkit/polkit.h>
- #define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE
-@@ -74,6 +75,9 @@ main (int argc, char *argv[])
- guint ret = 126;
- GVariantBuilder builder;
-
-+ /* Disable remote file access from GIO. */
-+ setenv ("GIO_USE_VFS", "local", 1);
-+
- g_type_init ();
-
- error = NULL;
---
-2.13.0
-