From: Ludovic Courtès
To: Mark H Weaver
Cc: 47576@debbugs.gnu.org
Subject: bug#47576: [security] ibus-daemon launches ungrafted subprocesses
Date: Fri, 09 Apr 2021 11:06:34 +0200
Message-ID: <87pmz37rol.fsf@gnu.org>
In-Reply-To: <874kgndds4.fsf@netris.org> (Mark H. Weaver's message of "Sat, 03 Apr 2021 03:31:44 -0400")
References: <87pmzcdljm.fsf@netris.org> <877dljdenq.fsf@netris.org> <874kgndds4.fsf@netris.org>
List-Id: Bug reports for GNU Guix (bug-guix@gnu.org)
Hi,

Mark H Weaver skribis:

> I found them:
>
>   ~/.cache/ibus/bus/registry
>   /var/lib/gdm/.cache/ibus/bus/registry
>
> On my system, those files include absolute pathnames to programs in
> /gnu/store/a4r6q1fbfqapy5hrrxap1yg96rjgln6q-ibus-1.5.22, which I
> compiled last December.

Looks like .

The problem seems to generally affect GLib/GNOME-ish caches.
From a quick look at ibusregistry.c & co, I think the values that end up
in the cache are taken from these XML files:

--8<---------------cut here---------------start------------->8---
$ grep /gnu/store $(find $(guix build ibus) -name \*.xml)
/gnu/store/a7lxf1i35yqil6pxwxhzvr5q3xcqldyq-ibus-1.5.22/share/ibus/component/gtkpanel.xml: /gnu/store/a7lxf1i35yqil6pxwxhzvr5q3xcqldyq-ibus-1.5.22/libexec/ibus-ui-gtk3
/gnu/store/a7lxf1i35yqil6pxwxhzvr5q3xcqldyq-ibus-1.5.22/share/ibus/component/dconf.xml: /gnu/store/a7lxf1i35yqil6pxwxhzvr5q3xcqldyq-ibus-1.5.22/libexec/ibus-dconf
/gnu/store/a7lxf1i35yqil6pxwxhzvr5q3xcqldyq-ibus-1.5.22/share/ibus/component/simple.xml: /gnu/store/a7lxf1i35yqil6pxwxhzvr5q3xcqldyq-ibus-1.5.22/libexec/ibus-engine-simple
/gnu/store/a7lxf1i35yqil6pxwxhzvr5q3xcqldyq-ibus-1.5.22/share/ibus/component/gtkextension.xml: /gnu/store/a7lxf1i35yqil6pxwxhzvr5q3xcqldyq-ibus-1.5.22/libexec/ibus-extension-gtk3
--8<---------------cut here---------------end--------------->8---

It’s the ‘components’ field of _IBusRegistryPrivate:

--8<---------------cut here---------------start------------->8---
struct _IBusRegistryPrivate {
    /* a list of IBusObservedPath objects. */
    GList *observed_paths;

    /* a list of IBusComponent objects that are created from component XML
     * files (or from the cache of them). */
    GList *components;

    gboolean changed;

    /* a mapping from GFile to GFileMonitor. */
    GHashTable *monitor_table;

    guint monitor_timeout_id;
};
--8<---------------cut here---------------end--------------->8---

The attached patch does the following:

  1. change the above file names in XML files to relative file names;

  2. change ibuscomponent.c to automatically prepend $libexecdir to items
     that are relative file names.

That way, XML files and thus caches should only contain relative file
names for ibus’ own executables.
The attached patch builds with:

  guix build ibus --with-patch=ibus=/tmp/ibus.patch

… but I don’t know if it actually works.  Testing welcome.  :-)

Unfortunately this strategy doesn’t help with IBus extensions:

--8<---------------cut here---------------start------------->8---
$ grep exec $(find $(guix build ibus-anthy) -name \*.xml)
/gnu/store/d3mfffz41as1blfb28m8n461j42i6zjr-ibus-anthy-1.5.9/share/ibus/component/anthy.xml: /gnu/store/d3mfffz41as1blfb28m8n461j42i6zjr-ibus-anthy-1.5.9/libexec/ibus-engine-anthy --ibus
/gnu/store/d3mfffz41as1blfb28m8n461j42i6zjr-ibus-anthy-1.5.9/share/ibus/component/anthy.xml:
--8<---------------cut here---------------end--------------->8---

Thoughts?

Ludo’.

[Attachment: ibus.patch (text/x-patch), "the patch"]

diff --git a/conf/dconf/dconf.xml.in b/conf/dconf/dconf.xml.in index 4205cb0..538f500 100644 --- a/conf/dconf/dconf.xml.in +++ b/conf/dconf/dconf.xml.in @@ -3,7 +3,7 @@ org.freedesktop.IBus.Config Dconf Config Component - @libexecdir@/ibus-dconf + ibus-dconf @VERSION@ Daiki Ueno <ueno@unixuser.org> GPL diff --git a/conf/memconf/memconf.xml.in b/conf/memconf/memconf.xml.in index d6ea690..9f51bcc 100644 --- a/conf/memconf/memconf.xml.in +++ b/conf/memconf/memconf.xml.in @@ -2,7 +2,7 @@ org.freedesktop.IBus.Config On-memory Config Component - @libexecdir@/ibus-memconf + ibus-memconf @VERSION@ Peng Huang <shawn.p.huang@gmail.com>, modified by the Chromium OS Authors GPL diff --git a/engine/simple.xml.in b/engine/simple.xml.in index fc1541e..47cbea1 100644 --- a/engine/simple.xml.in +++ b/engine/simple.xml.in @@ -2,7 +2,7 @@ org.freedesktop.IBus.Simple A table based simple engine - @libexecdir@/ibus-engine-simple + ibus-engine-simple @VERSION@ Peng Huang <shawn.p.huang@gmail.com> GPL diff --git a/src/Makefile.am b/src/Makefile.am index a8e3d07..2c461ee 100644 --- a/src/Makefile.am +++ b/src/Makefile.am 
@@ -49,6 +49,7 @@ AM_CPPFLAGS = \ @GLIB2_CFLAGS@ \ @GOBJECT2_CFLAGS@ \ @GIO2_CFLAGS@ \ + -DLIBEXECDIR=\"$(libexecdir)\" \ -DIBUS_CACHE_DIR=\""$(localstatedir)/cache/ibus"\" \ -DIBUS_DATA_DIR=\"$(pkgdatadir)\" \ -DIBUS_DISABLE_DEPRECATION_WARNINGS \ diff --git a/src/Makefile.in b/src/Makefile.in index 2a9c2ab..c3dfd87 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -613,6 +613,7 @@ CLEANFILES = $(am__append_2) $(BUILT_SOURCES) stamp-ibusmarshalers.h \ # C preprocessor flags AM_CPPFLAGS = -DG_LOG_DOMAIN=\"IBUS\" @GLIB2_CFLAGS@ @GOBJECT2_CFLAGS@ \ @GIO2_CFLAGS@ \ + -DLIBEXECDIR=\"$(libexecdir)\" \ -DIBUS_CACHE_DIR=\""$(localstatedir)/cache/ibus"\" \ -DIBUS_DATA_DIR=\"$(pkgdatadir)\" \ -DIBUS_DISABLE_DEPRECATION_WARNINGS -DIBUS_COMPILATION \ diff --git a/src/ibuscomponent.c b/src/ibuscomponent.c index 9837f47..4b55a66 100644 --- a/src/ibuscomponent.c +++ b/src/ibuscomponent.c @@ -614,6 +614,18 @@ ibus_component_parse_engines (IBusComponent *component, if (exec != NULL) { gchar *output = NULL; + + if (exec[0] != '/') { + /* EXEC is a relative file name, so assume it's the name of an + executable in $libexecdir and expand it. */ + GString *absolute = g_string_new (LIBEXECDIR); + g_string_append (absolute, "/"); + g_string_append (absolute, exec); + + g_free (exec); + exec = g_string_free (absolute, FALSE); + } + if (g_spawn_command_line_sync (exec, &output, NULL, NULL, NULL)) { engines_node = ibus_xml_parse_buffer (output); g_free (output); diff --git a/ui/gtk3/gtkextension.xml.in b/ui/gtk3/gtkextension.xml.in index b8157c9..fc945ab 100644 --- a/ui/gtk3/gtkextension.xml.in +++ b/ui/gtk3/gtkextension.xml.in @@ -3,7 +3,7 @@ org.freedesktop.IBus.Panel.Extension Gtk Panel Extension Component - @libexecdir@/ibus-extension-gtk3 + ibus-extension-gtk3 @VERSION@ Takao Fujiwara <takao.fujiwara1@gmail.com> GPL diff --git a/ui/gtk3/gtkpanel.xml.in b/ui/gtk3/gtkpanel.xml.in index b61f400..2175b93 100644 --- a/ui/gtk3/gtkpanel.xml.in +++ b/ui/gtk3/gtkpanel.xml.in 
@@ -3,7 +3,7 @@ org.freedesktop.IBus.Panel Gtk Panel Component - @libexecdir@/ibus-ui-gtk3 + ibus-ui-gtk3 @VERSION@ Peng Huang <shawn.p.huang@gmail.com> GPL
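Review bot: the five XML hunks (conf/dconf/dconf.xml.in, conf/memconf/memconf.xml.in, engine/simple.xml.in, ui/gtk3/gtkextension.xml.in, ui/gtk3/gtkpanel.xml.in) turn the component exec entry into a bare program name, but the only C-side expansion in the patch is in ibus_component_parse_engines, which spawns its exec synchronously with g_spawn_command_line_sync and parses the output as XML; that is the engines listing, not the path by which ibus-daemon starts a long-running component such as ibus-dconf. Confirm that the code reading the component exec entry also receives the $libexecdir prefix, otherwise these five components will be started with a relative name. Separately, the caches Mark lists (~/.cache/ibus/bus/registry, /var/lib/gdm/.cache/ibus/bus/registry) still hold the old absolute store paths after this patch; say how existing caches get invalidated or rebuilt, since otherwise the ungrafted programs keep being launched on systems that already have a cache.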
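Review bot: in the src/Makefile.am and src/Makefile.in hunks the new macro is named LIBEXECDIR while its neighbours on the same lines follow an IBUS_ prefix convention (IBUS_CACHE_DIR, IBUS_DATA_DIR); IBUS_LIBEXEC_DIR would match that and is less likely to collide with a same-named definition from another header. Also, src/Makefile.in is generated from src/Makefile.am, so carrying the identical line in both only matters for a build that does not re-run automake; if the Guix package regenerates the build system the Makefile.in hunk is dead weight and can be dropped to keep the patch minimal, and if it does not, the two copies must be kept in sync by hand.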
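Review bot: in the src/ibuscomponent.c hunk the new block calls g_free (exec) before reassigning it, but nothing in the hunk shows exec being allocated by this function; if exec is a pointer into the parsed node's attribute storage (the lines that set it are not visible here), freeing it corrupts the XML tree and leads to a double free when the node is released. Safer is to build the expanded command line into a separate variable, pass that to g_spawn_command_line_sync, and free only that. Second, the test exec[0] != '/' treats every non-absolute command line as a program in $libexecdir, which also rewrites command lines whose first word is meant to be resolved through PATH, and for an empty exec it produces LIBEXECDIR "/" (the directory itself) as the command; restrict the rewrite to a first word containing no '/' (the ibus-anthy example in the message shows exec values carrying arguments) that exists under LIBEXECDIR (g_file_test with G_FILE_TEST_IS_EXECUTABLE) and leave everything else untouched. Minor: g_build_filename (LIBEXECDIR, exec, NULL) replaces the three GString calls.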
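A check for the symptom Mark describes (registry caches holding absolute paths to an older ibus store item), as an added example that is not part of this message, the bug report, or IBus: it extracts every /gnu/store reference from a cache and compares it against the store paths the profile currently provides, reporting an entry that names the same store item under a different hash, which is what a cache pointing at an ungrafted build looks like. The sample cache text and the "live" path are constructed from the two ibus-1.5.22 hashes quoted above; the function names, the default cache list and the assumption that the live paths come from `guix build ibus` are mine.

```python
"""Find IBus registry-cache entries that point at store items the profile
no longer provides.

Added example for this thread; not code from the bug report or from IBus.
It only looks for absolute /gnu/store paths in text, so it works on the
registry caches named in the message as well as on component XML files of
extensions such as ibus-anthy.  The sample input is constructed from the
two ibus-1.5.22 store hashes quoted in the message.
"""
import os
import re
from typing import Dict, Iterable, List, Set, Tuple

# A Guix store item reference: /gnu/store/<32-char base32 hash>-<name>[/...]
STORE_ITEM = re.compile(r"/gnu/store/([0-9a-z]{32})-([^/\s\"'<>]+)")

# Cache locations quoted in the message (assumed default scan targets).
DEFAULT_CACHES = [
    os.path.expanduser("~/.cache/ibus/bus/registry"),
    "/var/lib/gdm/.cache/ibus/bus/registry",
]


def store_items(text: str) -> Set[Tuple[str, str]]:
    """Return the set of (hash, name) store items referenced in TEXT."""
    return set(STORE_ITEM.findall(text))


def stale_items(cache_text: str, live_paths: Iterable[str]) -> List[Dict[str, str]]:
    """Return the cached store references that are not among LIVE_PATHS.

    LIVE_PATHS are the store paths the profile really uses, e.g. what
    `guix build ibus` prints (assumption: one path per entry).  An entry with
    the same item name as a live path but a different hash is the grafting
    symptom from the bug: the daemon would spawn an older, ungrafted build.
    """
    live = store_items("\n".join(live_paths))
    live_hash_by_name = {name: h for h, name in live}
    findings: List[Dict[str, str]] = []
    for h, name in sorted(store_items(cache_text)):
        if (h, name) in live:
            continue
        if name in live_hash_by_name:
            reason = ("same item name as live %s-%s but a different hash "
                      "(stale or ungrafted build)" % (live_hash_by_name[name], name))
        else:
            reason = "no live store item with this name"
        findings.append({"hash": h, "name": name, "reason": reason})
    return findings


def scan_caches(live_paths: Iterable[str],
                cache_files: Iterable[str] = DEFAULT_CACHES) -> Dict[str, List[Dict[str, str]]]:
    """Run stale_items over each readable cache file; unreadable ones are skipped."""
    live = list(live_paths)
    report: Dict[str, List[Dict[str, str]]] = {}
    for path in cache_files:
        try:
            with open(path, encoding="utf-8", errors="replace") as f:
                report[path] = stale_items(f.read(), live)
        except OSError:
            continue
    return report


# Constructed sample: two entries still point at the December build
# (a4r6q1...), one at the build the profile provides now (a7lxf1...).
SAMPLE_CACHE = """\
/gnu/store/a4r6q1fbfqapy5hrrxap1yg96rjgln6q-ibus-1.5.22/libexec/ibus-ui-gtk3
/gnu/store/a4r6q1fbfqapy5hrrxap1yg96rjgln6q-ibus-1.5.22/libexec/ibus-dconf
/gnu/store/a7lxf1i35yqil6pxwxhzvr5q3xcqldyq-ibus-1.5.22/libexec/ibus-engine-simple
"""
SAMPLE_LIVE = ["/gnu/store/a7lxf1i35yqil6pxwxhzvr5q3xcqldyq-ibus-1.5.22"]

if __name__ == "__main__":
    # On a real system, pass the path printed by `guix build ibus` (and by
    # `guix build` of each extension) to scan_caches() instead of the sample.
    for entry in stale_items(SAMPLE_CACHE, SAMPLE_LIVE):
        print("%(hash)s-%(name)s: %(reason)s" % entry)
```

Run it against the real caches with the output of `guix build ibus` plus the store paths of any extensions (ibus-anthy and friends) as the live set; anything reported is a program ibus-daemon would start from a store item the profile no longer uses, which is exactly the case where grafted security fixes are bypassed.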