61 lines
1.5 KiB
Diff
61 lines
1.5 KiB
Diff
|
diff --git a/configure.ac b/configure.ac
|
||
|
index 3841c56..b2defd3 100644
|
||
|
--- a/configure.ac
|
||
|
+++ b/configure.ac
|
||
|
@@ -243,6 +243,8 @@ else
|
||
|
EXTERNAL_PNP_IDS="$with_pnp_ids_path"
|
||
|
fi
|
||
|
|
||
|
+AC_CHECK_FUNCS(clearenv)
|
||
|
+
|
||
|
PKG_CHECK_MODULES(GLIB2, glib-2.0 >= 2.22)
|
||
|
AC_SUBST(GLIB2_CFLAGS)
|
||
|
AC_SUBST(GLIB2_LIBS)
|
||
|
diff --git a/gtk/spice-client-glib-usb-acl-helper.c b/gtk/spice-client-glib-usb-acl-helper.c
|
||
|
index 724d62a..93b9b3a 100644
|
||
|
--- a/gtk/spice-client-glib-usb-acl-helper.c
|
||
|
+++ b/gtk/spice-client-glib-usb-acl-helper.c
|
||
|
@@ -158,7 +158,8 @@ static void cleanup(void)
|
||
|
if (state == STATE_WAITING_FOR_STDIN_EOF)
|
||
|
set_facl(path, getuid(), 0);
|
||
|
|
||
|
- g_main_loop_quit(loop);
|
||
|
+ if (loop)
|
||
|
+ g_main_loop_quit(loop);
|
||
|
}
|
||
|
|
||
|
/* Not available in polkit < 0.101 */
|
||
|
@@ -311,11 +312,32 @@ polkit_authority_get_sync (GCancellable *cancellable, GError **error)
|
||
|
}
|
||
|
#endif
|
||
|
|
||
|
+#ifndef HAVE_CLEARENV
|
||
|
+extern char **environ;
|
||
|
+
|
||
|
+static int
|
||
|
+clearenv (void)
|
||
|
+{
|
||
|
+ if (environ != NULL)
|
||
|
+ environ[0] = NULL;
|
||
|
+ return 0;
|
||
|
+}
|
||
|
+#endif
|
||
|
+
|
||
|
int main(void)
|
||
|
{
|
||
|
pid_t parent_pid;
|
||
|
GInputStream *stdin_unix_stream;
|
||
|
|
||
|
+ /* Nuke the environment to get a well-known and sanitized
|
||
|
+ * environment to avoid attacks via e.g. the DBUS_SYSTEM_BUS_ADDRESS
|
||
|
+ * environment variable and similar.
|
||
|
+ */
|
||
|
+ if (clearenv () != 0) {
|
||
|
+ FATAL_ERROR("Error clearing environment: %s\n", g_strerror (errno));
|
||
|
+ return 1;
|
||
|
+ }
|
||
|
+
|
||
|
g_type_init();
|
||
|
|
||
|
loop = g_main_loop_new(NULL, FALSE);
|