gnome-session/0001-autostart-app-Strip-blacklisted-variables-from-autos.patch

From 60e619b8a2cacc7b844fe6f0e206c895de68f890 Mon Sep 17 00:00:00 2001
From: Benjamin Berg <bberg@redhat.com>
Date: Mon, 7 Oct 2019 22:47:24 +0200
Subject: [PATCH] autostart-app: Strip blacklisted variables from autostart
 environment

So far the blacklisted variables were not actively striped from the
environment of XDG autostart applications. Update the code to explicitly
unset the variables, preventing e.g. NOTIFY_SOCKET to be leaked to
children.

Fixes: #36
---
 gnome-session/gsm-autostart-app.c | 5 +++++
 gnome-session/gsm-util.c          | 6 ++++++
 gnome-session/gsm-util.h          | 1 +
 3 files changed, 12 insertions(+)

diff --git a/gnome-session/gsm-autostart-app.c b/gnome-session/gsm-autostart-app.c
index 01ba5f9a..6fd5915a 100644
--- a/gnome-session/gsm-autostart-app.c
+++ b/gnome-session/gsm-autostart-app.c
@@ -997,6 +997,7 @@ autostart_app_start_spawn (GsmAutostartApp *app,
         gboolean         success;
         GError          *local_error;
         const char      *startup_id;
+        const char * const *variable_blacklist;
         const char * const *child_environment;
         int i;
         GAppLaunchContext *ctx;
@@ -1013,6 +1014,10 @@ autostart_app_start_spawn (GsmAutostartApp *app,
         local_error = NULL;
         ctx = g_app_launch_context_new ();
 
+        variable_blacklist = gsm_util_get_variable_blacklist ();
+        for (i = 0; variable_blacklist[i] != NULL; i++)
+                g_app_launch_context_unsetenv (ctx, variable_blacklist[i]);
+
         child_environment = gsm_util_listenv ();
         for (i = 0; child_environment[i] != NULL; i++) {
                 char **environment_tuple;
diff --git a/gnome-session/gsm-util.c b/gnome-session/gsm-util.c
index ada12253..02bc4a57 100644
--- a/gnome-session/gsm-util.c
+++ b/gnome-session/gsm-util.c
@@ -808,3 +808,9 @@ gsm_util_listenv (void)
         return (const char * const *) child_environment;
 
 }
+
+const char * const *
+gsm_util_get_variable_blacklist (void)
+{
+        return variable_blacklist;
+}
diff --git a/gnome-session/gsm-util.h b/gnome-session/gsm-util.h
index 8bca5f4d..bd7b6986 100644
--- a/gnome-session/gsm-util.h
+++ b/gnome-session/gsm-util.h
@@ -50,6 +50,7 @@ char *      gsm_util_generate_startup_id            (void);
 void        gsm_util_setenv                         (const char *variable,
                                                      const char *value);
 const char * const * gsm_util_listenv               (void);
+const char * const * gsm_util_get_variable_blacklist(void);
 
 gboolean    gsm_util_export_activation_environment  (GError     **error);
 #ifdef HAVE_SYSTEMD
-- 
2.23.0