GNOME Bugzilla – Bug 327602
gnome-screensaver never propagates the environment to its helper dialog
Last modified: 2007-07-30 15:19:20 UTC
Hi, Nalin Dahyabhai <nalin@redhat.com> filed this report in red hat bugzilla (http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=173300). "When a user attempts to unlock the screen, the gnome-screensaver session daemon spawns gnome-screensaver-dialog to authenticate the user. On systems where shadow passwords are in use, and on which PAM (which it is assumed can check passwords without elevated privileges), the dialog is setuid. For the sake of these cases, gnome-screensaver starts the dialog with only a handful of variables copied from the user's environment (PATH, SESSION_MANAGER, XAUTHORITY, XAUTHLOCALHOSTNAME, LANG, LANGUAGE). While this does nothing to prevent the user from doing the same thing and attempting to exploit any bugs which might be present in a setuid installation of gnome-screensaver-dialog, it also penalizes the non-setuid case by breaking themes and any other user-interface customizations which are specified through the environment."
Created attachment 57620 [details] [review] his proposed patch
What other environment variables are used for these themes and customizations? So with this patch those themes still won't work when setuid. The security concern is only part of the reason. Another part is simply having a controlled and known environment. This reduces the number of combinations to check when troubleshooting. Probably sanitizing the PATH and LD_LIBRARY_PATH wouldn't be a bad thing either.
I can't see that bug BTW.
Part of that patch has already been committed. It should be much easier now to add new env variables to propagate. What other variables should be passed?
This bug report popped up again here: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187341
(and there is a smaller patch this time on it here: https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=127090)
I was snooping your bug reports and have already applied this to CVS. Thanks. Even though this kind of iteration is somewhat bothersome I still think it is useful to actually know what environment variables we require.
Not sure offhand. Nalin, do you know?
On a side note. Would you like to be auto CC'd on all fedora gnome-screensaver bug reports? A few people have asked for it in past (jwz for xscreensaver, hughsie for gnome-power-manager, among others). It might make things easier for you, if you're searching through the bug reports anyway.
Sure, that might make things easier. Thanks.
Ray, the two variables added by the patch are specific to Kerberos, but beyond that I don't have anything. (I suppose if you wanted to use a running ssh-agent for authentication, you'd need to pass through SSH_AUTH_SOCK, but that's kind of crazy.)
Hi William, Should be set now (wrt to comment 9 and comment 10)
OK, finally removed the filtering.