c467c47f2e
Use XDG_RUNTIME_DIR to hold sockets, and do not make a world-writable dir CVE-2012-3378
$OpenBSD: patch-atk-adaptor_bridge_c,v 1.1 2012/07/07 06:59:24 jasper Exp $
From e4f3eee2e137cd34cd427875365f458c65458164 Mon Sep 17 00:00:00 2001
From: Mike Gorse <mgorse@suse.com>
Date: Thu, 21 Jun 2012 21:56:40 +0000
Subject: Use XDG_RUNTIME_DIR to hold sockets, and do not make a world-writable dir
If we use XDG_RUNTIME_DIR, then the directory should be owned by the
appropriate user, so it should not need to be world-writable. Hopefully this
won't break accessibility for administrative apps on some distro.
https://bugzilla.gnome.org/show_bug.cgi?id=678348
CVE-2012-3378
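--- atk-adaptor/bridge.c.orig Wed Mar 14 22:53:35 2012
+++ atk-adaptor/bridge.c Thu Jul 5 22:19:14 2012
@@ -327,7 +327,6 @@ register_application (SpiBridge * app)
 DBusMessageIter iter;
 DBusError error;
 DBusPendingCall *pending;
- const int max_addr_length = 128; /* should be long enough */
 
 dbus_error_init (&error);
 
@@ -355,16 +354,16 @@ register_application (SpiBridge * app)
 if (message)
 dbus_message_unref (message);
 
- /* could this be better, we accept some amount of race in getting the temp name*/
- /* make sure the directory exists */
- mkdir ("/tmp/at-spi2/", S_IRWXU|S_IRWXG|S_IRWXO|S_ISVTX);
- chmod ("/tmp/at-spi2/", S_IRWXU|S_IRWXG|S_IRWXO|S_ISVTX);
- app->app_bus_addr = g_malloc(max_addr_length * sizeof(char));
 #ifndef DISABLE_P2P
- sprintf (app->app_bus_addr, "unix:path=/tmp/at-spi2/socket-%d-%d", getpid(),
- rand());
-#else
- app->app_bus_addr [0] = '\0';
+ app->app_tmp_dir = g_build_filename (g_get_user_runtime_dir (),
+ "at-spi2-XXXXXX", NULL);
+ if (!g_mkdtemp (app->app_tmp_dir))
+ {
+ g_free (app->app_tmp_dir);
+ app->app_tmp_dir = NULL;
+ return FALSE;
+ }
+ app->app_bus_addr = g_strdup_printf ("unix:path=%s/socket", app->app_tmp_dir);
 #endif
 
 return TRUE;
@@ -395,6 +394,20 @@ deregister_application (SpiBridge * app)
 dbus_connection_send (app->bus, message, NULL);
 if (message)
 dbus_message_unref (message);
+
+ if (app->app_bus_addr)
+ {
+ unlink (app->app_bus_addr);
+ g_free (app->app_bus_addr);
+ app->app_bus_addr = NULL;
+ }
+
+ if (app->app_tmp_dir)
+ {
+ rmdir (app->app_tmp_dir);
+ g_free (app->app_tmp_dir);
+ app->app_tmp_dir = NULL;
+ }
 }
 
 /*---------------------------------------------------------------------------*/
@@ -583,6 +596,9 @@ setup_bus (void)
 #ifndef DISABLE_P2P
 DBusServer *server;
 DBusError err;
+
+ if (!spi_global_app_data->app_bus_addr)
+ return -1;
 
 dbus_error_init(&err);
 server = dbus_server_listen(spi_global_app_data->app_bus_addr, &err);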
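Review bot: In the deregister_application hunk, `unlink (app->app_bus_addr)` is handed the D-Bus address rather than a filesystem path: register_application builds that string as `unix:path=%s/socket`, so unless it is rewritten somewhere outside these hunks the call cannot find the socket file. The socket would then stay behind and the following `rmdir (app->app_tmp_dir)` would fail on a non-empty directory, leaving one stale `at-spi2-XXXXXX` directory per process in the runtime dir. Strip the prefix before unlinking, for example `if (!strncmp (app->app_bus_addr, "unix:path=", 10)) unlink (app->app_bus_addr + 10);`, or build the path from `app->app_tmp_dir`. The return values of `unlink` and `rmdir` are also ignored, so a failed cleanup goes unnoticed; a `g_warning` on failure would surface it. Both functions start outside the hunks shown, so whether register_application can run twice and overwrite `app_tmp_dir` without freeing it cannot be judged from here.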