From daf3d5c2d15466a267221fcb099c59c870098e03 Mon Sep 17 00:00:00 2001
From: Philip Withnall <philip.withnall@collabora.co.uk>
Date: Thu, 19 May 2016 10:08:08 +0100
Subject: [PATCH 05/16] data: Set GIO_USE_VFS=local in the environment

There is no need for polkit to ever use GVFS to load files from
non-local sources, so it's best to avoid loading GVFS code, and to just
rely on the local implementation in GIO instead. This reduces the attack
surface of polkit.

Implemented for the daemon, pkaction, pkcheck, pkexec and pkttyagent,
because none of them need remote file access.

https://bugs.freedesktop.org/show_bug.cgi?id=95487
---
 src/polkitbackend/polkitd.c | 4 ++++
 src/programs/pkaction.c     | 4 ++++
 src/programs/pkcheck.c      | 4 ++++
 src/programs/pkexec.c       | 3 +++
 src/programs/pkttyagent.c   | 4 ++++
 5 files changed, 19 insertions(+)

diff --git a/src/polkitbackend/polkitd.c b/src/polkitbackend/polkitd.c
index d1527fb..8d54ed7 100644
--- a/src/polkitbackend/polkitd.c
+++ b/src/polkitbackend/polkitd.c
@@ -22,6 +22,7 @@
 #include "config.h"
 
 #include <signal.h>
+#include <stdlib.h>
 
 #include <glib-unix.h>
 
@@ -169,6 +170,9 @@ main (int    argc,
   sigint_id = 0;
   registration_id = NULL;
 
+  /* Disable remote file access from GIO. */
+  setenv ("GIO_USE_VFS", "local", 1);
+
   g_type_init ();
 
   opt_context = g_option_context_new ("polkit system daemon");
diff --git a/src/programs/pkaction.c b/src/programs/pkaction.c
index f17a7dc..221662a 100644
--- a/src/programs/pkaction.c
+++ b/src/programs/pkaction.c
@@ -24,6 +24,7 @@
 #endif
 
 #include <stdio.h>
+#include <stdlib.h>
 #include <glib/gi18n.h>
 #include <polkit/polkit.h>
 
@@ -121,6 +122,9 @@ main (int argc, char *argv[])
   actions = NULL;
   ret = 1;
 
+  /* Disable remote file access from GIO. */
+  setenv ("GIO_USE_VFS", "local", 1);
+
   g_type_init ();
 
   opt_show_version = FALSE;
diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c
index 5781893..33db128 100644
--- a/src/programs/pkcheck.c
+++ b/src/programs/pkcheck.c
@@ -24,6 +24,7 @@
 #endif
 
 #include <stdio.h>
+#include <stdlib.h>
 #include <glib/gi18n.h>
 #include <polkit/polkit.h>
 #define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE
@@ -362,6 +363,9 @@ main (int argc, char *argv[])
   local_agent_handle = NULL;
   ret = 126;
 
+  /* Disable remote file access from GIO. */
+  setenv ("GIO_USE_VFS", "local", 1);
+
   g_type_init ();
 
   details = polkit_details_new ();
diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c
index 50de92c..3b29b24 100644
--- a/src/programs/pkexec.c
+++ b/src/programs/pkexec.c
@@ -503,6 +503,9 @@ main (int argc, char *argv[])
   opt_user = NULL;
   local_agent_handle = NULL;
 
+  /* Disable remote file access from GIO. */
+  setenv ("GIO_USE_VFS", "local", 1);
+
   /* check for correct invocation */
   if (geteuid () != 0)
     {
diff --git a/src/programs/pkttyagent.c b/src/programs/pkttyagent.c
index 423b728..8aac7dd 100644
--- a/src/programs/pkttyagent.c
+++ b/src/programs/pkttyagent.c
@@ -24,6 +24,7 @@
 #endif
 
 #include <stdio.h>
+#include <stdlib.h>
 #include <glib/gi18n.h>
 #include <polkit/polkit.h>
 #define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE
@@ -74,6 +75,9 @@ main (int argc, char *argv[])
   guint ret = 126;
   GVariantBuilder builder;
 
+  /* Disable remote file access from GIO. */
+  setenv ("GIO_USE_VFS", "local", 1);
+
   g_type_init ();
 
   error = NULL;
-- 
2.13.0