From 890efe85e3b0433feb4e3939ac5b0ba6e16407b2 Mon Sep 17 00:00:00 2001 From: Mike Gabriel Date: Mon, 17 May 2021 00:05:16 +0200 Subject: [PATCH] util: Blacklist some session-specific variables Things like XDG_SESSION_ID should not be uploaded to the environment. For example this is broken currently: 1. SSH to your machine 2. Log in to MATE Shell 3. Log out 4. Log in again 5. Lock the screen 6. Try to unlock You can't, and this is because the XDG_SESSION_ID from the first session (step 2) has leaked through to the second one (step 4), and so MATE Shell is listening to the `logind` `UnlockSession` signal for the wrong session. The SSH session established in step 1 serves to keep the `systemd --user` instance alive, so that the state is not torn down between logins. Original patch for GNOME by Iain Lane . Patch ported over to MATE's session manager by Mike Gabriel . Fixes https://github.com/mate-desktop/mate-session-manager/issues/271 --- mate-session/gsm-util.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/mate-session/gsm-util.c b/mate-session/gsm-util.c index 76bf9cd0..f25773ec 100644 --- a/mate-session/gsm-util.c +++ b/mate-session/gsm-util.c @@ -38,6 +38,13 @@ static gchar *_saved_session_dir = NULL; +static const char * const variable_blacklist[] = { + "XDG_SEAT", + "XDG_SESSION_ID", + "XDG_VTNR", + NULL +}; + gchar ** gsm_get_screen_locker_command (void) { @@ -536,6 +543,9 @@ gsm_util_export_activation_environment (GError **error) const char *entry_name = entry_names[i]; const char *entry_value = g_getenv (entry_name); + if (g_strv_contains (variable_blacklist, entry_name)) + continue; + if (!g_utf8_validate (entry_name, -1, NULL)) continue; @@ -603,8 +613,13 @@ gsm_util_export_user_environment (GError **error) return FALSE; } + entries = g_get_environ (); + + for (; variable_blacklist[i] != NULL; i++) + entries = g_environ_unsetenv (entries, variable_blacklist[i]); + g_variant_builder_init (&builder, G_VARIANT_TYPE ("as")); - for (entries = g_get_environ (); entries[i] != NULL; i++) { + for (i = 0; entries[i] != NULL; i++) { const char *entry = entries[i]; if (!g_utf8_validate (entry, -1, NULL))