Skip to content
Commit 5bdda2a6 authored by Philip Withnall's avatar Philip Withnall
Browse files

giomodule: Ignore GIO_MODULE_DIR when running as setuid 



Even if the modules in the given directory never get chosen to be used,
loading arbitrary code from a user-provided directory is not safe when
running as setuid, as the process’ environment comes from an untrusted
source.

Also ignore `GIO_EXTRA_MODULES`.

Spotted by Simon McVittie.

Signed-off-by: default avatarPhilip Withnall <pwithnall@endlessos.org>

Fixes: #2168
parent a7ad3fd3
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment