[gnome-session/benzea/systemd-issue-36] autostart-app: Strip blacklisted variables from autostart environment

[Benjamin Berg <bberg src gnome org>]

commit 7d7e31eedcf0e87fae6a982a288318bbbbb34301
Author: Benjamin Berg <bberg redhat com>
Date:   Mon Oct 7 22:47:24 2019 +0200

    autostart-app: Strip blacklisted variables from autostart environment
    
    So far the blacklisted variables were not actively striped from the
    environment of XDG autostart applications. Update the code to explicitly
    unset the variables, preventing e.g. NOTIFY_SOCKET to be leaked to
    children.
    
    Fixes: #36

 gnome-session/gsm-autostart-app.c | 5 +++++
 gnome-session/gsm-util.c          | 8 ++++----
 gnome-session/gsm-util.h          | 2 ++
 3 files changed, 11 insertions(+), 4 deletions(-)
---
diff --git a/gnome-session/gsm-autostart-app.c b/gnome-session/gsm-autostart-app.c
index 01ba5f9a..c263b7f5 100644
--- a/gnome-session/gsm-autostart-app.c
+++ b/gnome-session/gsm-autostart-app.c
@@ -1013,6 +1013,11 @@ autostart_app_start_spawn (GsmAutostartApp *app,
         local_error = NULL;
         ctx = g_app_launch_context_new ();
 
+        /* Unset all environment variables; everything relevant will be
+         * returned by gsm_util_listenv. */
+        for (i = 0; gsm_variable_blacklist[i] != NULL; i++)
+                g_app_launch_context_unsetenv (ctx, gsm_variable_blacklist[i]);
+
         child_environment = gsm_util_listenv ();
         for (i = 0; child_environment[i] != NULL; i++) {
                 char **environment_tuple;
diff --git a/gnome-session/gsm-util.c b/gnome-session/gsm-util.c
index ada12253..29bf51e0 100644
--- a/gnome-session/gsm-util.c
+++ b/gnome-session/gsm-util.c
@@ -41,7 +41,7 @@ static gchar **child_environment;
  * (e.g. XDG_VTNR), others because they simply must never be passed on
  * (NOTIFY_SOCKET).
  */
-static const char * const variable_blacklist[] = {
+const char * const gsm_variable_blacklist[] = {
     "NOTIFY_SOCKET",
     "XDG_SEAT",
     "XDG_SESSION_ID",
@@ -564,7 +564,7 @@ gsm_util_export_activation_environment (GError     **error)
                 const char *entry_name = entry_names[i];
                 const char *entry_value = g_getenv (entry_name);
 
-                if (g_strv_contains (variable_blacklist, entry_name))
+                if (g_strv_contains (gsm_variable_blacklist, entry_name))
                     continue;
 
                 if (!g_utf8_validate (entry_name, -1, NULL))
@@ -640,8 +640,8 @@ gsm_util_export_user_environment (GError     **error)
 
         entries = g_get_environ ();
 
-        for (i = 0; variable_blacklist[i] != NULL; i++)
-                entries = g_environ_unsetenv (entries, variable_blacklist[i]);
+        for (i = 0; gsm_variable_blacklist[i] != NULL; i++)
+                entries = g_environ_unsetenv (entries, gsm_variable_blacklist[i]);
 
         g_variant_builder_init (&builder, G_VARIANT_TYPE ("(asas)"));
 
diff --git a/gnome-session/gsm-util.h b/gnome-session/gsm-util.h
index 8bca5f4d..aad9e451 100644
--- a/gnome-session/gsm-util.h
+++ b/gnome-session/gsm-util.h
@@ -61,6 +61,8 @@ gboolean    gsm_util_start_systemd_unit             (const char  *unit,
 
 void        gsm_quit                                (void);
 
+extern const char * const gsm_variable_blacklist[];
+
 G_END_DECLS
 
 #endif /* __GSM_UTIL_H__ */