Ensure only one dbus-daemon is spawned for all shells sharing a single connection.

Resolves: #2189201
This commit is contained in:
Ray Strode 2023-04-24 11:54:07 -04:00
parent ee7d9657fc
commit 682e320f1d
4 changed files with 36 additions and 2 deletions

View File

@ -7,8 +7,10 @@
exec >& /dev/null exec >& /dev/null
MONITOR_READY_FILE=$(mktemp dbus-session-monitor.XXXXXX --tmpdir) MONITOR_READY_FILE=$(mktemp dbus-session-monitor.XXXXXX --tmpdir)
DBUS_SESSIONS="${XDG_RUNTIME_DIR}/dbus-1/sessions"
DBUS_SESSION_ADDRESS_FILE="${DBUS_SESSIONS}/${XDG_SESSION_ID}"
trap 'rm -f "${MONITOR_READY_FILE}"; kill -TERM $1; kill -HUP $(jobs -p)' EXIT trap 'rm -f "${MONITOR_READY_FILE}"; rm -f "${DBUS_SESSION_ADDRESS_FILE}"; kill -TERM $1; kill -HUP $(jobs -p)' EXIT
export GVFS_DISABLE_FUSE=1 export GVFS_DISABLE_FUSE=1
coproc SESSION_MONITOR (gio monitor -f "/run/systemd/sessions/${XDG_SESSION_ID}" "${MONITOR_READY_FILE}") coproc SESSION_MONITOR (gio monitor -f "/run/systemd/sessions/${XDG_SESSION_ID}" "${MONITOR_READY_FILE}")

View File

@ -19,7 +19,7 @@
Name: dbus Name: dbus
Epoch: 1 Epoch: 1
Version: 1.12.8 Version: 1.12.8
Release: 24%{?dist} Release: 25%{?dist}
Summary: D-BUS message bus Summary: D-BUS message bus
Group: System Environment/Libraries Group: System Environment/Libraries
@ -421,6 +421,11 @@ popd
%{_includedir}/* %{_includedir}/*
%changelog %changelog
* Mon Apr 24 2023 Ray Strode <rstrode@redhat.com> - 1.12.8-25
- Ensure only one dbus-daemon is spawned for all shells sharing
a single connection.
Resolves: #2189201
* Wed Oct 19 2022 David King <dking@redhat.com> - 1:1.12.8-24 * Wed Oct 19 2022 David King <dking@redhat.com> - 1:1.12.8-24
- Fix CVE-2022-42010 (#2133645) - Fix CVE-2022-42010 (#2133645)
- Fix CVE-2022-42011 (#2133639) - Fix CVE-2022-42011 (#2133639)

View File

@ -1,10 +1,24 @@
# DBus session bus over SSH with X11 forwarding # DBus session bus over SSH with X11 forwarding
if ( $?SSH_CONNECTION == 0 ) exit if ( $?SSH_CONNECTION == 0 ) exit
if ( $?XDG_SESSION_ID == 0) exit
if ( $?DISPLAY == 0 ) exit if ( $?DISPLAY == 0 ) exit
if ( $SHLVL > 1 ) exit if ( $SHLVL > 1 ) exit
set DBUS_SESSIONS = "${XDG_RUNTIME_DIR}/dbus-1/sessions"
set DBUS_SESSION_ADDRESS_FILE = "${DBUS_SESSIONS}/${XDG_SESSION_ID}"
if ( -e "${DBUS_SESSION_ADDRESS_FILE}" ) then
setenv DBUS_SESSION_BUS_ADDRESS "`cat ${DBUS_SESSION_ADDRESS_FILE}`"
exit
endif
setenv GDK_BACKEND x11 setenv GDK_BACKEND x11
eval `dbus-launch --csh-syntax` eval `dbus-launch --csh-syntax`
if ( $?DBUS_SESSION_BUS_PID == 0 ) exit if ( $?DBUS_SESSION_BUS_PID == 0 ) exit
mkdir -p "${DBUS_SESSIONS}"
echo "${DBUS_SESSION_BUS_ADDRESS}" > "${DBUS_SESSION_ADDRESS_FILE}"
setsid -f /usr/libexec/dbus-1/dbus-kill-process-with-session $DBUS_SESSION_BUS_PID setsid -f /usr/libexec/dbus-1/dbus-kill-process-with-session $DBUS_SESSION_BUS_PID

View File

@ -1,12 +1,25 @@
# DBus session bus over SSH with X11 forwarding # DBus session bus over SSH with X11 forwarding
[ -z "$SSH_CONNECTION" ] && return [ -z "$SSH_CONNECTION" ] && return
[ -z "$XDG_SESSION_ID" ] && return
[ -z "$DISPLAY" ] && return [ -z "$DISPLAY" ] && return
[ "${DISPLAY:0:1}" = ":" ] && return [ "${DISPLAY:0:1}" = ":" ] && return
[ "$SHLVL" -ne 1 ] && return [ "$SHLVL" -ne 1 ] && return
DBUS_SESSIONS="${XDG_RUNTIME_DIR}/dbus-1/sessions"
DBUS_SESSION_ADDRESS_FILE="${DBUS_SESSIONS}/${XDG_SESSION_ID}"
if [ -e "${DBUS_SESSION_ADDRESS_FILE}" ]; then
export DBUS_SESSION_BUS_ADDRESS="$(cat ${DBUS_SESSION_ADDRESS_FILE})"
return
fi
export GDK_BACKEND=x11 export GDK_BACKEND=x11
eval `dbus-launch --sh-syntax` eval `dbus-launch --sh-syntax`
[ -z "$DBUS_SESSION_BUS_PID" ] && return [ -z "$DBUS_SESSION_BUS_PID" ] && return
mkdir -p "${DBUS_SESSIONS}"
echo "${DBUS_SESSION_BUS_ADDRESS}" > "${DBUS_SESSION_ADDRESS_FILE}"
setsid -f /usr/libexec/dbus-1/dbus-kill-process-with-session "$DBUS_SESSION_BUS_PID" setsid -f /usr/libexec/dbus-1/dbus-kill-process-with-session "$DBUS_SESSION_BUS_PID"