1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
From: Simon McVittie <smcv@debian.org>
Date: Mon, 29 Mar 2021 12:49:35 +0100
Subject: util: Remove undesired variables from activation environment
Commit 646b9bc0 (included in 3.33.92) prevented one run of gnome-session
from uploading environment variables into `systemd --user` that should not
leak into a different login session, such as XDG_SESSION_ID. However,
non-GNOME session managers (and in particular the forks of gnome-session
found in Cinnamon and MATE) might still upload those environment variables.
The other session managers should be fixed, similar to 646b9bc0, but we
can mitigate this for GNOME sessions by actively unsetting the undesired
variables, instead of just not setting them.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Bug: https://gitlab.gnome.org/GNOME/gnome-session/-/issues/86
Bug-Debian: https://bugs.debian.org/973474
Forwarded: https://gitlab.gnome.org/GNOME/gnome-session/-/merge_requests/63
---
gnome-session/gsm-util.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/gnome-session/gsm-util.c b/gnome-session/gsm-util.c
index cdf6761..7dc4f26 100644
--- a/gnome-session/gsm-util.c
+++ b/gnome-session/gsm-util.c
@@ -646,6 +646,8 @@ gsm_util_export_user_environment (GError **error)
g_variant_builder_open (&builder, G_VARIANT_TYPE ("as"));
for (i = 0; variable_unsetlist[i] != NULL; i++)
g_variant_builder_add (&builder, "s", variable_unsetlist[i]);
+ for (i = 0; variable_blacklist[i] != NULL; i++)
+ g_variant_builder_add (&builder, "s", variable_blacklist[i]);
g_variant_builder_close (&builder);
g_variant_builder_open (&builder, G_VARIANT_TYPE ("as"));
|
