From 658cdc3fa2d2dd942030a4e199f75bfbb0738e3e Mon Sep 17 00:00:00 2001
From: Christoph Cullmann
Date: Sun, 17 Aug 2025 17:51:32 +0200
Subject: [PATCH] create a more safe KONSOLE_DBUS_ACTIVATION_COOKIE cookie check with that for the dbus activation ensure we not leak this env var to dbus
---
 src/session/Session.cpp | 26 +++++++++++++++++++++++---
 src/session/Session.h | 10 ++++++++--
 2 files changed, 31 insertions(+), 5 deletions(-)
diff --git a/src/session/Session.cpp b/src/session/Session.cpp
index de688e223..bc08d9d10 100644
--- a/src/session/Session.cpp
+++ b/src/session/Session.cpp
@@ -20,10 +20,12 @@
 // Qt
 #include
+#include
 #include
 #include
 #include
 #include
+#include
 #include
 // KDE
@@ -87,8 +89,20 @@ static bool show_disallow_certain_dbus_methods_message = true;
 static const int ZMODEM_BUFFER_SIZE = 1048576; // 1 Mb
+// compute a securely random cookie used for activationToken
+static QString computeRandomCookie()
+{
+ // get good random data
+ quint32 array[8];
+ QRandomGenerator::global()->fillRange(array);
+
+ // convert to string usable for env var KONSOLE_DBUS_ACTIVATION_COOKIE
+ return QString::fromUtf8(QByteArray(reinterpret_cast(array), sizeof(array)).toBase64());
+}
+
 Session::Session(QObject *parent)
 : QObject(parent)
+ , m_activationCookie(computeRandomCookie())
 {
 _uniqueIdentifier = QUuid::createUuid();
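Review bot: `computeRandomCookie()` fills the cookie from `QRandomGenerator::global()`, which Qt documents as a securely seeded but deterministic generator shared by the whole process, while the comment above it promises a securely random value. Since the cookie is the only thing gating `activationToken`, I would draw it straight from the OS source instead: `QRandomGenerator::system()->fillRange(array);`. The comment could then state the guarantee, e.g. `// 256 bits from the system CSPRNG, base64-encoded for use in an env var`. The `Session` constructor that consumes the cookie continues outside the hunk.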
@@ -562,18 +576,24 @@ void Session::run()
 addEnvironmentEntry(QStringLiteral("WINDOWID=%1").arg(QString::number(windowId())));
+ // env vars we shall not expose e.g. over dbus
+ QStringList secretEnv;
+
 #if HAVE_DBUS
 const QString dbusService = QDBusConnection::sessionBus().baseService();
 addEnvironmentEntry(QStringLiteral("KONSOLE_DBUS_SERVICE=%1").arg(dbusService));
 const QString dbusObject = QStringLiteral("/Sessions/%1").arg(QString::number(_sessionId));
 addEnvironmentEntry(QStringLiteral("KONSOLE_DBUS_SESSION=%1").arg(dbusObject));
+
+ // secret cookie to trigger activationToken via dbus
+ secretEnv << QStringLiteral("KONSOLE_DBUS_ACTIVATION_COOKIE=%1").arg(m_activationCookie);
 #endif
 #ifndef Q_OS_WIN
 const auto originalEnvironment = _shellProcess->environment();
 _shellProcess->setProgram(exec);
- _shellProcess->setEnvironment(originalEnvironment + _environment);
+ _shellProcess->setEnvironment(originalEnvironment + _environment + secretEnv);
 const auto context = KSandbox::makeHostContext(*_shellProcess);
 arguments = postProcessArgs(context.arguments, arguments);
 _shellProcess->setEnvironment(originalEnvironment);
@@ -2168,11 +2188,11 @@ void Session::runCommandFromLayout(const QString &command) const
 _emulation->sendText(command + QLatin1Char('\n'));
 }
-QString Session::activationToken(const QString &shellSessionIdForRequest) const
+QString Session::activationToken(const QString &cookieForRequest) const
 {
 // safety check, only work if the caller knows our id
 // they will read it from the SHELL_SESSION_ID env var inside this session
- if (shellSessionIdForRequest != shellSessionId()) {
+ if (cookieForRequest != m_activationCookie) {
 return {};
 }
diff --git a/src/session/Session.h b/src/session/Session.h
index bd6fdb4b7..8390005fd 100644
--- a/src/session/Session.h
+++ b/src/session/Session.h
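Review bot: `secretEnv` is only added to the temporary environment set just before `KSandbox::makeHostContext()`, and the last visible line of the `Session::run()` hunk resets the process to `originalEnvironment`, so whether the shell ever sees `KONSOLE_DBUS_ACTIVATION_COOKIE` depends on the start call that lies outside this hunk. If that call still passes only `_environment`, non-sandboxed sessions would never receive the cookie and `activationToken` would always return an empty string; the Windows branch after `#ifndef Q_OS_WIN` is not visible here either. Please confirm the launch path passes `_environment + secretEnv`, and consider a comment at the declaration such as `// kept out of _environment on purpose; must be appended explicitly wherever the child environment is built`. If `makeHostContext` forwards the environment as command-line arguments, the cookie would presumably also be readable from the process list, which is worth checking.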
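Review bot: The comment above the check in `Session::activationToken` is now stale: it still says the caller must know "our id" and reads it from `SHELL_SESSION_ID`, but the comparison is against `m_activationCookie`. I would update it to `// safety check, only work if the caller knows our secret cookie` and `// they will read it from the KONSOLE_DBUS_ACTIVATION_COOKIE env var inside this session`. The comparison is a plain `!=` on `QString`, which is not constant-time; with a 256-bit random cookie that is probably acceptable, but a short remark saying so would save the next reader the question. The rest of `activationToken` lies outside the hunk.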
@@ -740,11 +740,11 @@ public Q_SLOTS:
 /**
 * DBus slot to get an XDG activation token.
- * Will check if the passed shellSessionId is the current one for safety.
+ * Will check if the passed cookieForRequest is the m_activationCookie one for safety.
 * Will try to generate a token and pass it back.
 * Can only be called from DBus, will answer delayed.
 */
- Q_SCRIPTABLE QString activationToken(const QString &shellSessionIdForRequest) const;
+ Q_SCRIPTABLE QString activationToken(const QString &cookieForRequest) const;
 Q_SIGNALS:
@@ -978,6 +978,12 @@ private:
 QString _currentHostName;
 bool _selectMode = false;
+
+ /**
+ * secret cookie for activationToken, shall be only exposed to shell
+ * environment as KONSOLE_DBUS_ACTIVATION_COOKIE
+ */
+ const QString m_activationCookie;
 };
 }
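Review bot: The new member is named `m_activationCookie`, while the neighbouring members visible in this hunk use a leading underscore (`_currentHostName`, `_selectMode`); `const QString _activationCookie;` would match the class's convention. The doc comment could also state that the value must never be returned by a D-Bus method or property or written to logs, since that is the property the commit relies on.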