portal: Do not use caller-supplied variables in environment
If the caller specifies a variable that can be used to inject arbitrary code into processes, we must not allow it to enter the environment block used to run `flatpak run`, which runs unsandboxed.

This change requires the previous commit "context: Add --env-fd option", which adds infrastructure used here.

To be secure, this change also requires the previous commit "run: Convert all environment variables into bwrap arguments", which protects a non-setuid bwrap(1) from the same attack.

Signed-off-by: Simon McVittie <smcv@collabora.com>
Part-of: GHSA-4ppf-fxf6-vxg2
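The principle stated in the commit message, as an added example written for this page (not flatpak's code and not its `--env-fd` wire format): caller-supplied variables never become part of the environment block of the unsandboxed helper; they are serialized and handed over on a separate file descriptor, so the helper's own loading and execution cannot be influenced by them. The NUL-separated `NAME=VALUE` encoding, the `HELPER_BASE_ENV` block, the Python stand-in for the helper and all function names are assumptions made for the example.

```python
import json
import os
import subprocess
import sys

# Constructed example: a minimal fixed environment for the unsandboxed helper.
# A real portal would use whatever the helper genuinely needs, never the caller's.
HELPER_BASE_ENV = {"PATH": "/usr/bin:/bin", "LANG": "C.UTF-8"}


def validate_name(name):
    """Reject names that are not valid variable names or would break the encoding."""
    if not name or "=" in name or "\0" in name:
        raise ValueError("invalid environment variable name: %r" % name)
    return name


def encode_env_block(caller_env):
    """Serialize caller variables as NUL-terminated NAME=VALUE records.

    This encoding is an assumption for the example, not flatpak's --env-fd format.
    """
    records = []
    for name, value in sorted(caller_env.items()):
        validate_name(name)
        if "\0" in value:
            raise ValueError("NUL byte in value of %r" % name)
        records.append(("%s=%s" % (name, value)).encode("utf-8") + b"\0")
    return b"".join(records)


def decode_env_block(data):
    """Inverse of encode_env_block; used by whoever applies the variables inside the sandbox."""
    env = {}
    for record in data.split(b"\0"):
        if not record:
            continue
        name, _, value = record.decode("utf-8").partition("=")
        env[validate_name(name)] = value
    return env


def helper_environment(caller_env):
    """Environment for the unsandboxed helper: a fixed block, caller variables ignored.

    caller_env is deliberately unused: nothing the caller supplies may reach the
    environment of a process that runs outside the sandbox.
    """
    return dict(HELPER_BASE_ENV)


def spawn_helper_with_env_fd(caller_env):
    """Run a stand-in helper, passing caller variables through a pipe fd only.

    Returns (names present in the helper's own environment, variables received on the fd).
    """
    block = encode_env_block(caller_env)
    read_fd, write_fd = os.pipe()
    os.write(write_fd, block)  # small blocks fit in the pipe buffer; fine for a demo
    os.close(write_fd)

    # Stand-in for the unsandboxed helper: it reports its own environment and
    # what it received on the fd, so both can be checked from the parent.
    child = (
        "import os, sys, json\n"
        "fd = int(sys.argv[1])\n"
        "data = b''\n"
        "while True:\n"
        "    chunk = os.read(fd, 4096)\n"
        "    if not chunk: break\n"
        "    data += chunk\n"
        "os.close(fd)\n"
        "recs = [r.decode() for r in data.split(b'\\0') if r]\n"
        "print(json.dumps({'environ': sorted(os.environ), 'records': recs}))\n"
    )
    proc = subprocess.run(
        [sys.executable, "-c", child, str(read_fd)],
        env=helper_environment(caller_env),
        pass_fds=[read_fd],
        capture_output=True,
        text=True,
        check=True,
    )
    os.close(read_fd)
    result = json.loads(proc.stdout)
    received = dict(r.partition("=")[::2] for r in result["records"])
    return result["environ"], received


if __name__ == "__main__":
    # Constructed caller input: a variable the dynamic linker would honour, plus a harmless one.
    names, received = spawn_helper_with_env_fd({"LD_PRELOAD": "/placeholder/lib.so", "FOO": "bar"})
    print("helper environment:", names)
    print("received over fd:  ", received)
```

Running the block shows the helper's environment containing only the fixed block while the caller's variables arrive intact over the descriptor; the sandboxed side is where they would be applied.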