mirror/flatpak
1
0
Fork 0
mirror of https://github.com/flatpak/flatpak.git synced 2026-01-23 07:08:17 -05:00
Code Issues Packages Projects Releases Wiki Activity

run: Don't let XDG_RUNTIME_DIR from user override the value we set

Browse Source 
We use `bwrap --setenv XDG_RUNTIME_DIR` to set it to `/run/user/UID`,
regardless of what it is on the host system, but the changes made
to resolve CVE-2021-21261 unintentionally broke this by overwriting it
with the user's XDG_RUNTIME_DIR.

In practice this worked for most people, who either have
XDG_RUNTIME_DIR set to the same value we use (which is the conventional
setup from systemd-logind and elogind), or entirely unset (if they do not
have systemd-logind or elogind). However, it broke Wayland and other
XDG_RUNTIME_DIR-based protocols for people who intentionally set up an
XDG_RUNTIME_DIR that is different.

Fixes: 6d1773d2 "run: Convert all environment variables into bwrap arguments"
Resolves: https://github.com/flatpak/flatpak/issues/4372
Signed-off-by: Simon McVittie <smcv@collabora.com>
This commit is contained in:
Simon McVittie
2021-08-18 16:51:29 +01:00
committed by Alexander Larsson
parent c392e5adf6
commit 6e5b02e2d4
2 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
common/flatpak-run.c
View File

@@ -1671,6 +1671,10 @@ static const ExportData default_exports[] = {
{"XDG_DATA_DIRS", "/app/share:/usr/share"},
{"SHELL", "/bin/sh"},
{"TMPDIR", NULL}, /* Unset TMPDIR as it may not exist in the sandbox */
/* We always use /run/user/UID, even if the user's XDG_RUNTIME_DIR
* outside the sandbox is somewhere else. Don't allow a different
* setting from outside the sandbox to overwrite this. */
{"XDG_RUNTIME_DIR", NULL},
/* Some env vars are common enough and will affect the sandbox badly
if set on the host. We clear these always. */

8
tests/test-run.sh
View File

@@ -24,7 +24,7 @@ set -euo pipefail
skip_without_bwrap
skip_revokefs_without_fuse
echo "1..18"
echo "1..19"
# Use stable rather than master as the branch so we can test that the run
# command automatically finds the branch correctly
@@ -74,6 +74,12 @@ assert_file_has_content hello_out '^Hello world, from a sandbox$'
ok "hello"
XDG_RUNTIME_DIR="$(pwd)/xrd" run_sh org.test.Platform 'echo $XDG_RUNTIME_DIR' > value-in-sandbox
head value-in-sandbox >&2
assert_file_has_content value-in-sandbox "^/run/user/$(id -u)\$"
ok "XDG_RUNTIME_DIR not inherited"
run_sh org.test.Platform cat /.flatpak-info >runtime-fpi
assert_file_has_content runtime-fpi "[Runtime]"
assert_file_has_content runtime-fpi "^runtime=runtime/org\.test\.Platform/$ARCH/stable$"