After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 327602 - gnome-screensaver never propagates the environment to its helper dialog
gnome-screensaver never propagates the environment to its helper dialog
Status: RESOLVED FIXED
Product: gnome-screensaver
Classification: Deprecated
Component: daemon
unspecified
Other Linux
: Normal normal
: ---
Assigned To: gnome-screensaver maintainers
gnome-screensaver maintainers
Depends on:
Blocks: 459745
 
 
Reported: 2006-01-18 22:33 UTC by Ray Strode [halfline]
Modified: 2007-07-30 15:19 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
his proposed patch (3.76 KB, patch)
2006-01-18 22:34 UTC, Ray Strode [halfline]
rejected Details | Review

Description Ray Strode [halfline] 2006-01-18 22:33:18 UTC
Hi,

Nalin Dahyabhai <nalin@redhat.com> filed this report in red hat bugzilla (http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=173300).

"When a user attempts to unlock the screen, the gnome-screensaver session daemon
spawns gnome-screensaver-dialog to authenticate the user.  On systems where
shadow passwords are in use, and on which PAM (which it is assumed can check
passwords without elevated privileges), the dialog is setuid.

For the sake of these cases, gnome-screensaver starts the dialog with only a
handful of variables copied from the user's environment (PATH, SESSION_MANAGER,
XAUTHORITY, XAUTHLOCALHOSTNAME, LANG, LANGUAGE).

While this does nothing to prevent the user from doing the same thing and
attempting to exploit any bugs which might be present in a setuid installation
of gnome-screensaver-dialog, it also penalizes the non-setuid case by breaking
themes and any other user-interface customizations which are specified through
the environment."
Comment 1 Ray Strode [halfline] 2006-01-18 22:34:24 UTC
Created attachment 57620 [details] [review]
his proposed patch
Comment 2 William Jon McCann 2006-01-18 23:18:10 UTC
What other environment variables are used for these themes and customizations?  So with this patch those themes still won't work when setuid.

The security concern is only part of the reason.  Another part is simply having a controlled and known environment.  This reduces the number of combinations to check when troubleshooting.

Probably sanitizing the PATH and LD_LIBRARY_PATH wouldn't be a bad thing either.


Comment 3 William Jon McCann 2006-01-18 23:20:23 UTC
I can't see that bug BTW.
Comment 4 William Jon McCann 2006-02-16 18:55:16 UTC
Part of that patch has already been committed.  It should be much easier now to add new env variables to propagate.  What other variables should be passed?
Comment 5 Ray Strode [halfline] 2006-03-31 17:21:51 UTC
This bug report popped up again here: 

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187341
Comment 6 Ray Strode [halfline] 2006-03-31 17:22:45 UTC
(and there is a smaller patch this time on it here: https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=127090)
Comment 7 William Jon McCann 2006-03-31 17:37:40 UTC
I was snooping your bug reports and have already applied this to CVS.  Thanks.

Even though this kind of iteration is somewhat bothersome I still think it is useful to actually know what environment variables we require.
Comment 8 Ray Strode [halfline] 2006-03-31 17:51:52 UTC
Not sure offhand.  Nalin, do you know?
Comment 9 Ray Strode [halfline] 2006-03-31 17:54:28 UTC
On a side note.  Would you like to be auto CC'd on all fedora gnome-screensaver bug reports?  A few people have asked for it in past (jwz for xscreensaver, hughsie for gnome-power-manager, among others).  It might make things easier for you, if you're searching through the bug reports anyway.
Comment 10 William Jon McCann 2006-03-31 18:16:51 UTC
Sure, that might make things easier.  Thanks.
Comment 11 Nalin Dahyabhai 2006-03-31 22:22:22 UTC
Ray, the two variables added by the patch are specific to Kerberos, but beyond that I don't have anything.

(I suppose if you wanted to use a running ssh-agent for authentication, you'd need to pass through SSH_AUTH_SOCK, but that's kind of crazy.)
Comment 12 Ray Strode [halfline] 2006-04-02 04:10:17 UTC
Hi William,

Should be set now (wrt to comment 9 and comment 10)
Comment 13 William Jon McCann 2007-07-30 15:17:38 UTC
OK, finally removed the filtering.