Package: guix;
Reported by: Mark H Weaver <mhw <at> netris.org>
Date: Sat, 3 Apr 2021 04:46:01 UTC
Severity: normal
Tags: security
To reply to this bug, email your comments to 47576 AT debbugs.gnu.org.
Toggle the display of automated, internal messages from the tracker.
View this report as an mbox folder, status mbox, maintainer mbox
bug-guix <at> gnu.org:bug#47576; Package guix.
(Sat, 03 Apr 2021 04:46:01 GMT) Full text and rfc822 format available.Mark H Weaver <mhw <at> netris.org>:bug-guix <at> gnu.org.
(Sat, 03 Apr 2021 04:46:02 GMT) Full text and rfc822 format available.Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
From: Mark H Weaver <mhw <at> netris.org> To: bug-guix <at> gnu.org Subject: [security] ibus-daemon launches ungrafted subprocesses Date: Sat, 03 Apr 2021 00:44:02 -0400
Several processes on my Guix system load shared libraries from the
*ungrafted* glib: specifically, all of the subprocesses of
'ibus-daemon'.
The 'ibus-daemon' process itself seems to be properly grafted. However,
its subprocesses are from an old, ungrafted build of 'ibus':
--8<---------------cut here---------------start------------->8---
mhw <at> jojen ~$ pstree -up 796
.ibus-daemon-re(796,mhw)─┬─.ibus-dconf-rea(803)─┬─{.ibus-dconf-rea}(806)
│ └─{.ibus-dconf-rea}(807)
├─.ibus-engine-si(892)─┬─{.ibus-engine-si}(917)
│ └─{.ibus-engine-si}(918)
├─.ibus-extension(804)─┬─{.ibus-extension}(810)
│ ├─{.ibus-extension}(811)
│ └─{.ibus-extension}(819)
├─{.ibus-daemon-re}(797)
└─{.ibus-daemon-re}(798)
mhw <at> jojen ~$ ps -fq 796,803,892,804
UID PID PPID C STIME TTY TIME CMD
mhw 796 698 0 00:10 tty8 00:00:00 /gnu/store/radg6xacqvw60d76k97y0ydccjm7iq7a-ibus-1.5.22/bin/ibus-daemon --panel disable -r --xim
mhw 803 796 0 00:10 tty8 00:00:00 /gnu/store/a4r6q1fbfqapy5hrrxap1yg96rjgln6q-ibus-1.5.22/libexec/ibus-dconf
mhw 892 796 0 00:10 tty8 00:00:00 /gnu/store/a4r6q1fbfqapy5hrrxap1yg96rjgln6q-ibus-1.5.22/libexec/ibus-engine-simple
mhw 804 796 2 00:10 tty8 00:00:01 /gnu/store/a4r6q1fbfqapy5hrrxap1yg96rjgln6q-ibus-1.5.22/libexec/ibus-extension-gtk3
--8<---------------cut here---------------end--------------->8---
(The same issue occurs for the 'ibus-daemon' that's owned by 'gdm').
/gnu/store/radg…-ibus-1.5.22 seems to be the properly grafted 'ibus',
replacing the ungrafted /gnu/store/wnqv…-ibus-1.5.22 which I last built
on February 2nd: (I don't use substitutes)
--8<---------------cut here---------------start------------->8---
mhw <at> jojen ~$ bzcat $(guix build --log-file /gnu/store/radg6xacqvw60d76k97y0ydccjm7iq7a-ibus-1.5.22)
grafting '/gnu/store/wnqv8rj3ngjivl6334d1h8irszf39dm9-ibus-1.5.22' -> '/gnu/store/radg6xacqvw60d76k97y0ydccjm7iq7a-ibus-1.5.22'...
mhw <at> jojen ~$ ls -l $(guix build --log-file /gnu/store/wnqv8rj3ngjivl6334d1h8irszf39dm9-ibus-1.5.22)
-rw-r--r-- 1 root root 24923 Feb 2 10:35 /var/log/guix/drvs/hx/qpdblmghj7pvg0ni2l38p0a1s4igbd-ibus-1.5.22.drv.bz2
--8<---------------cut here---------------end--------------->8---
The reference scanner does not see any references to any other 'ibus',
from either my system, my user profile, or the grafted 'ibus':
--8<---------------cut here---------------start------------->8---
mhw <at> jojen ~$ guix gc -R $(readlink -f /run/current-system) | grep -e -ibus-
/gnu/store/radg6xacqvw60d76k97y0ydccjm7iq7a-ibus-1.5.22
mhw <at> jojen ~$ guix gc -R $(readlink -f ~/.guix-profile) | grep -e -ibus-
mhw <at> jojen ~$ guix gc -R /gnu/store/radg6xacqvw60d76k97y0ydccjm7iq7a-ibus-1.5.22 | grep -e -ibus-
/gnu/store/radg6xacqvw60d76k97y0ydccjm7iq7a-ibus-1.5.22
--8<---------------cut here---------------end--------------->8---
Interestingly, the subprocesses are *not* from the ungrafted 'ibus' that
I last built on February 2nd. Instead, they are from a much older
ungrafted 'ibus', which I last built on December 20th of last year:
--8<---------------cut here---------------start------------->8---
mhw <at> jojen ~$ ls -l $(guix build --log-file /gnu/store/a4r6q1fbfqapy5hrrxap1yg96rjgln6q-ibus-1.5.22)
-rw-r--r-- 1 root root 24981 Dec 20 20:33 /var/log/guix/drvs/sn/k6581cpk6n8q3dvsarqmqimhx0n2i2-ibus-1.5.22.drv.bz2
--8<---------------cut here---------------end--------------->8---
I'm at a bit of a loss of where this much older, ungrafted 'ibus' is
coming from. Running "guix build ibus", with and without grafts, give
the other two 'ibus' store items:
--8<---------------cut here---------------start------------->8---
mhw <at> jojen ~$ guix build ibus --no-grafts
/gnu/store/wnqv8rj3ngjivl6334d1h8irszf39dm9-ibus-1.5.22
mhw <at> jojen ~$ guix build ibus
/gnu/store/radg6xacqvw60d76k97y0ydccjm7iq7a-ibus-1.5.22
--8<---------------cut here---------------end--------------->8---
Is there another variant of the 'ibus' package hiding somewhere?
Where is "/gnu/store/a4r6…-ibus-1.5.22" coming from?
I don't know that I'll have the energy to investigate this further
anytime soon, so I'm hoping that someone else will pick this up.
* * *
FYI, I discovered this while doing sanity checks on my new preliminary
grafting implementation (which supports rewriting UTF-16/32 store
references). Looking for references to the old 'glib' was the *first*
thing I checked. I haven't yet checked anything else, so I don't know
how widespread this problem is.
Mark
bug-guix <at> gnu.org:bug#47576; Package guix.
(Sat, 03 Apr 2021 04:54:01 GMT) Full text and rfc822 format available.Message #8 received at 47576 <at> debbugs.gnu.org (full text, mbox):
From: Mark H Weaver <mhw <at> netris.org> To: 47576 <at> debbugs.gnu.org Subject: Re: bug#47576: [security] ibus-daemon launches ungrafted subprocesses Date: Sat, 03 Apr 2021 00:51:32 -0400
Here's an obvious check that I should have included in my last message:
--8<---------------cut here---------------start------------->8---
mhw <at> jojen ~$ guix gc --referrers /gnu/store/a4r6q1fbfqapy5hrrxap1yg96rjgln6q-ibus-1.5.22
/gnu/store/a4r6q1fbfqapy5hrrxap1yg96rjgln6q-ibus-1.5.22
mhw <at> jojen ~$
--8<---------------cut here---------------end--------------->8---
This is the 'ibus' that I last built in December 2020, and which is
somehow, mysteriously, being used for the subprocesses of 'ibus-daemon'.
Mark
bug-guix <at> gnu.org:bug#47576; Package guix.
(Sat, 03 Apr 2021 07:15:01 GMT) Full text and rfc822 format available.Message #11 received at 47576 <at> debbugs.gnu.org (full text, mbox):
From: Mark H Weaver <mhw <at> netris.org> To: 47576 <at> debbugs.gnu.org Subject: Re: bug#47576: [security] ibus-daemon launches ungrafted subprocesses Date: Sat, 03 Apr 2021 03:12:46 -0400
Earlier, I wrote:
> Looking for references to the old 'glib' was the *first* thing I
> checked. I haven't yet checked anything else, so I don't know how
> widespread this problem is.
I looked for other ungrafted libraries loaded on my system, and I'm glad
to report that I see no evidence of any grafting problem other than this
'ibus-daemon' issue.
The following ungrafted libraries are loaded by processes from the
mysterious old version of 'ibus' on my system: glib, cairo, and libx11.
I still have no clue where the reference to that mysterious old version
(/gnu/store/a4r6q1fbfqapy5hrrxap1yg96rjgln6q-ibus-1.5.22) is coming
from.
Are other people seeing this? Here's an easy way to check:
--8<---------------cut here---------------start------------->8---
mhw <at> jojen ~$ ps axf | grep -e -ibus-
402 tty7 Sl 0:00 | | \_ /gnu/store/vdc4j6c9psx8jicr5h2n8jdxsfjms3h2-ibus-1.5.22/bin/ibus-daemon --panel disable -r --xim
407 tty7 Sl 0:00 | | \_ /gnu/store/a4r6q1fbfqapy5hrrxap1yg96rjgln6q-ibus-1.5.22/libexec/ibus-dconf
450 tty7 Sl 0:00 | | \_ /gnu/store/a4r6q1fbfqapy5hrrxap1yg96rjgln6q-ibus-1.5.22/libexec/ibus-engine-simple
798 tty8 Sl 0:00 | \_ /gnu/store/vdc4j6c9psx8jicr5h2n8jdxsfjms3h2-ibus-1.5.22/bin/ibus-daemon --panel disable -r --xim
804 tty8 Sl 0:00 | | \_ /gnu/store/a4r6q1fbfqapy5hrrxap1yg96rjgln6q-ibus-1.5.22/libexec/ibus-dconf
805 tty8 Sl 0:01 | | \_ /gnu/store/a4r6q1fbfqapy5hrrxap1yg96rjgln6q-ibus-1.5.22/libexec/ibus-extension-gtk3
894 tty8 Sl 0:00 | | \_ /gnu/store/a4r6q1fbfqapy5hrrxap1yg96rjgln6q-ibus-1.5.22/libexec/ibus-engine-simple
2246 pts/0 S+ 0:00 | | | \_ grep -e -ibus-
409 tty7 Sl 0:00 /gnu/store/vdc4j6c9psx8jicr5h2n8jdxsfjms3h2-ibus-1.5.22/libexec/ibus-x11 --kill-daemon
808 tty8 Sl 0:00 /gnu/store/vdc4j6c9psx8jicr5h2n8jdxsfjms3h2-ibus-1.5.22/libexec/ibus-x11 --kill-daemon
--8<---------------cut here---------------end--------------->8---
If you run this command, do you also see different 'ibus' store items
used by the daemon and its subprocesses?
Mark
bug-guix <at> gnu.org:bug#47576; Package guix.
(Sat, 03 Apr 2021 07:34:01 GMT) Full text and rfc822 format available.Message #14 received at 47576 <at> debbugs.gnu.org (full text, mbox):
From: Mark H Weaver <mhw <at> netris.org> To: 47576 <at> debbugs.gnu.org Subject: Re: bug#47576: [security] ibus-daemon launches ungrafted subprocesses Date: Sat, 03 Apr 2021 03:31:44 -0400
I wrote:
> I still have no clue where the reference to that mysterious old version
> (/gnu/store/a4r6q1fbfqapy5hrrxap1yg96rjgln6q-ibus-1.5.22) is coming
> from.
I found them:
~/.cache/ibus/bus/registry
/var/lib/gdm/.cache/ibus/bus/registry
On my system, those files include absolute pathnames to programs in
/gnu/store/a4r6q1fbfqapy5hrrxap1yg96rjgln6q-ibus-1.5.22, which I
compiled last December.
That old store item has been kept safe from GC for only one reason:
because 'ibus-daemon', along with its subprocesses, tend to be running
whenever I run "guix gc", and "guix gc" protects store items that are
currently in use by active processes.
Mark
bug-guix <at> gnu.org:bug#47576; Package guix.
(Sat, 03 Apr 2021 11:30:02 GMT) Full text and rfc822 format available.Message #17 received at 47576 <at> debbugs.gnu.org (full text, mbox):
From: Julien Lepiller <julien <at> lepiller.eu> To: Mark H Weaver <mhw <at> netris.org>,47576 <at> debbugs.gnu.org Subject: Re: bug#47576: [security] ibus-daemon launches ungrafted subprocesses Date: Sat, 03 Apr 2021 07:29:00 -0400
[Message part 1 (text/plain, inline)]
Oh! That would explain why I had so much trouble fixing/updating ibus and ibus-anthy! We should probably fix ibus so it regenerates its cache when it's a different process. It could be as simple as using a subdirectory computed from the absolute name of the ibus binary, maybe. Le 3 avril 2021 03:31:44 GMT-04:00, Mark H Weaver <mhw <at> netris.org> a écrit : >I wrote: >> I still have no clue where the reference to that mysterious old >version >> (/gnu/store/a4r6q1fbfqapy5hrrxap1yg96rjgln6q-ibus-1.5.22) is coming >> from. > >I found them: > > ~/.cache/ibus/bus/registry > /var/lib/gdm/.cache/ibus/bus/registry > >On my system, those files include absolute pathnames to programs in >/gnu/store/a4r6q1fbfqapy5hrrxap1yg96rjgln6q-ibus-1.5.22, which I >compiled last December. > >That old store item has been kept safe from GC for only one reason: >because 'ibus-daemon', along with its subprocesses, tend to be running >whenever I run "guix gc", and "guix gc" protects store items that are >currently in use by active processes. > > Mark
[Message part 2 (text/html, inline)]
bug-guix <at> gnu.org:bug#47576; Package guix.
(Sat, 03 Apr 2021 13:17:02 GMT) Full text and rfc822 format available.Message #20 received at 47576 <at> debbugs.gnu.org (full text, mbox):
From: Maxime Devos <maximedevos <at> telenet.be> To: Mark H Weaver <mhw <at> netris.org>, 47576 <at> debbugs.gnu.org Subject: Re: bug#47576: [security] ibus-daemon launches ungrafted subprocesses Date: Sat, 03 Apr 2021 15:16:49 +0200
[Message part 1 (text/plain, inline)]
On Sat, 2021-04-03 at 03:12 -0400, Mark H Weaver wrote: > [...] > > The following ungrafted libraries are loaded by processes from the > mysterious old version of 'ibus' on my system: glib, cairo, and libx11. > I still have no clue where the reference to that mysterious old version > (/gnu/store/a4r6q1fbfqapy5hrrxap1yg96rjgln6q-ibus-1.5.22) is coming > from. > > Are other people seeing this? Here's an easy way to check: > > [...] > > If you run this command, do you also see different 'ibus' store items > used by the daemon and its subprocesses? I also see different store items: $ ps axf | grep -e -ibus- > 1141 tty7 Sl 0:00 | | \_ /gnu/store/a7lxf1i35yqil6pxwxhzvr5q3xcqldyq-ibus-1.5.22/bin/ibus-daemon --panel disable -r --xim > 1146 tty7 Sl 0:00 | | \_ /gnu/store/7m04iv3pks6m6p8czw1mj58194rnfjyy-ibus-1.5.22/libexec/ibus-dconf > 1269 tty7 Sl 0:00 | | \_ /gnu/store/7m04iv3pks6m6p8czw1mj58194rnfjyy-ibus-1.5.22/libexec/ibus-engine-simple > 1148 tty7 Sl 0:00 /gnu/store/a7lxf1i35yqil6pxwxhzvr5q3xcqldyq-ibus-1.5.22/libexec/ibus-x11 --kill-daemon > 25649 pts/5 S+ 0:00 \_ grep --color=auto -e -ibus- FWIW, this is on MATE. (TODO to self: investigate why GNOME Shell crashes after a few seconds.) Greetings, Maxime.
[signature.asc (application/pgp-signature, inline)]
bug-guix <at> gnu.org:bug#47576; Package guix.
(Sat, 03 Apr 2021 21:13:01 GMT) Full text and rfc822 format available.Message #23 received at 47576 <at> debbugs.gnu.org (full text, mbox):
From: Mark H Weaver <mhw <at> netris.org> To: Julien Lepiller <julien <at> lepiller.eu>, 47576 <at> debbugs.gnu.org Subject: Re: bug#47576: [security] ibus-daemon launches ungrafted subprocesses Date: Sat, 03 Apr 2021 17:10:59 -0400
Hi Julien,
Julien Lepiller <julien <at> lepiller.eu> writes:
> We should probably fix ibus so it regenerates its cache when it's a
> different process. It could be as simple as using a subdirectory
> computed from the absolute name of the ibus binary, maybe.
Would you like to try?
I won't be able to work more on this bug anytime soon, but I hope that
others will pick it up.
Thanks,
Mark
Léo Le Bouter <lle-bout <at> zaclys.net>
to control <at> debbugs.gnu.org.
(Tue, 06 Apr 2021 17:42:01 GMT) Full text and rfc822 format available.bug-guix <at> gnu.org:bug#47576; Package guix.
(Fri, 09 Apr 2021 09:08:02 GMT) Full text and rfc822 format available.Message #28 received at 47576 <at> debbugs.gnu.org (full text, mbox):
From: Ludovic Courtès <ludo <at> gnu.org> To: Mark H Weaver <mhw <at> netris.org> Cc: 47576 <at> debbugs.gnu.org Subject: Re: bug#47576: [security] ibus-daemon launches ungrafted subprocesses Date: Fri, 09 Apr 2021 11:06:34 +0200
[Message part 1 (text/plain, inline)]
Hi,
Mark H Weaver <mhw <at> netris.org> skribis:
> I found them:
>
> ~/.cache/ibus/bus/registry
> /var/lib/gdm/.cache/ibus/bus/registry
>
> On my system, those files include absolute pathnames to programs in
> /gnu/store/a4r6q1fbfqapy5hrrxap1yg96rjgln6q-ibus-1.5.22, which I
> compiled last December.
Looks like <https://issues.guix.gnu.org/22707>.
The problem seems to generally affect GLib/GNOME-ish caches.
From a quick look at ibusregistry.c & co, I think the values that end up
in the cache are taken from these XML files:
--8<---------------cut here---------------start------------->8---
$ grep /gnu/store $(find $(guix build ibus) -name \*.xml)
/gnu/store/a7lxf1i35yqil6pxwxhzvr5q3xcqldyq-ibus-1.5.22/share/ibus/component/gtkpanel.xml: <exec>/gnu/store/a7lxf1i35yqil6pxwxhzvr5q3xcqldyq-ibus-1.5.22/libexec/ibus-ui-gtk3</exec>
/gnu/store/a7lxf1i35yqil6pxwxhzvr5q3xcqldyq-ibus-1.5.22/share/ibus/component/dconf.xml: <exec>/gnu/store/a7lxf1i35yqil6pxwxhzvr5q3xcqldyq-ibus-1.5.22/libexec/ibus-dconf</exec>
/gnu/store/a7lxf1i35yqil6pxwxhzvr5q3xcqldyq-ibus-1.5.22/share/ibus/component/simple.xml: <exec>/gnu/store/a7lxf1i35yqil6pxwxhzvr5q3xcqldyq-ibus-1.5.22/libexec/ibus-engine-simple</exec>
/gnu/store/a7lxf1i35yqil6pxwxhzvr5q3xcqldyq-ibus-1.5.22/share/ibus/component/gtkextension.xml: <exec>/gnu/store/a7lxf1i35yqil6pxwxhzvr5q3xcqldyq-ibus-1.5.22/libexec/ibus-extension-gtk3</exec>
--8<---------------cut here---------------end--------------->8---
It’s the ‘components’ field of _IBusRegistryPrivate:
--8<---------------cut here---------------start------------->8---
struct _IBusRegistryPrivate {
/* a list of IBusObservedPath objects. */
GList *observed_paths;
/* a list of IBusComponent objects that are created from component XML
* files (or from the cache of them). */
GList *components;
gboolean changed;
/* a mapping from GFile to GFileMonitor. */
GHashTable *monitor_table;
guint monitor_timeout_id;
};
--8<---------------cut here---------------end--------------->8---
The attached patch does the following:
1. change the above <exec> file names in XML files to relative file
names;
2. change ibuscomponent.c to automatically prepend $libexecdir to
<exec> items that are relative file names.
That way, XML files and thus caches should only contain relative file
names for ibus’ own executables.
The attached patch builds with:
guix build ibus --with-patch=ibus=/tmp/ibus.patch
… but I don’t know if it actually works. Testing welcome. :-)
Unfortunately this strategy doesn’t help with IBus extensions:
--8<---------------cut here---------------start------------->8---
$ grep exec $(find $(guix build ibus-anthy) -name \*.xml)
/gnu/store/d3mfffz41as1blfb28m8n461j42i6zjr-ibus-anthy-1.5.9/share/ibus/component/anthy.xml: <exec>/gnu/store/d3mfffz41as1blfb28m8n461j42i6zjr-ibus-anthy-1.5.9/libexec/ibus-engine-anthy --ibus</exec>
/gnu/store/d3mfffz41as1blfb28m8n461j42i6zjr-ibus-anthy-1.5.9/share/ibus/component/anthy.xml: <engines exec="/gnu/store/d3mfffz41as1blfb28m8n461j42i6zjr-ibus-anthy-1.5.9/libexec/ibus-engine-anthy --xml" />
--8<---------------cut here---------------end--------------->8---
Thoughts?
Ludo’.
[ibus.patch (text/x-patch, inline)]
diff --git a/conf/dconf/dconf.xml.in b/conf/dconf/dconf.xml.in
index 4205cb0..538f500 100644
--- a/conf/dconf/dconf.xml.in
+++ b/conf/dconf/dconf.xml.in
@@ -3,7 +3,7 @@
<component>
<name>org.freedesktop.IBus.Config</name>
<description>Dconf Config Component</description>
- <exec>@libexecdir@/ibus-dconf</exec>
+ <exec>ibus-dconf</exec>
<version>@VERSION@</version>
<author>Daiki Ueno <ueno <at> unixuser.org></author>
<license>GPL</license>
diff --git a/conf/memconf/memconf.xml.in b/conf/memconf/memconf.xml.in
index d6ea690..9f51bcc 100644
--- a/conf/memconf/memconf.xml.in
+++ b/conf/memconf/memconf.xml.in
@@ -2,7 +2,7 @@
<component>
<name>org.freedesktop.IBus.Config</name>
<description>On-memory Config Component</description>
- <exec>@libexecdir@/ibus-memconf</exec>
+ <exec>ibus-memconf</exec>
<version>@VERSION@</version>
<author>Peng Huang <shawn.p.huang <at> gmail.com>, modified by the Chromium OS Authors</author>
<license>GPL</license>
diff --git a/engine/simple.xml.in b/engine/simple.xml.in
index fc1541e..47cbea1 100644
--- a/engine/simple.xml.in
+++ b/engine/simple.xml.in
@@ -2,7 +2,7 @@
<component>
<name>org.freedesktop.IBus.Simple</name>
<description>A table based simple engine</description>
- <exec>@libexecdir@/ibus-engine-simple</exec>
+ <exec>ibus-engine-simple</exec>
<version>@VERSION@</version>
<author>Peng Huang <shawn.p.huang <at> gmail.com></author>
<license>GPL</license>
diff --git a/src/Makefile.am b/src/Makefile.am
index a8e3d07..2c461ee 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -49,6 +49,7 @@ AM_CPPFLAGS = \
@GLIB2_CFLAGS@ \
@GOBJECT2_CFLAGS@ \
@GIO2_CFLAGS@ \
+ -DLIBEXECDIR=\"$(libexecdir)\" \
-DIBUS_CACHE_DIR=\""$(localstatedir)/cache/ibus"\" \
-DIBUS_DATA_DIR=\"$(pkgdatadir)\" \
-DIBUS_DISABLE_DEPRECATION_WARNINGS \
diff --git a/src/Makefile.in b/src/Makefile.in
index 2a9c2ab..c3dfd87 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -613,6 +613,7 @@ CLEANFILES = $(am__append_2) $(BUILT_SOURCES) stamp-ibusmarshalers.h \
# C preprocessor flags
AM_CPPFLAGS = -DG_LOG_DOMAIN=\"IBUS\" @GLIB2_CFLAGS@ @GOBJECT2_CFLAGS@ \
@GIO2_CFLAGS@ \
+ -DLIBEXECDIR=\"$(libexecdir)\" \
-DIBUS_CACHE_DIR=\""$(localstatedir)/cache/ibus"\" \
-DIBUS_DATA_DIR=\"$(pkgdatadir)\" \
-DIBUS_DISABLE_DEPRECATION_WARNINGS -DIBUS_COMPILATION \
diff --git a/src/ibuscomponent.c b/src/ibuscomponent.c
index 9837f47..4b55a66 100644
--- a/src/ibuscomponent.c
+++ b/src/ibuscomponent.c
@@ -614,6 +614,18 @@ ibus_component_parse_engines (IBusComponent *component,
if (exec != NULL) {
gchar *output = NULL;
+
+ if (exec[0] != '/') {
+ /* EXEC is a relative file name, so assume it's the name of an
+ executable in $libexecdir and expand it. */
+ GString *absolute = g_string_new (LIBEXECDIR);
+ g_string_append (absolute, "/");
+ g_string_append (absolute, exec);
+
+ g_free (exec);
+ exec = g_string_free (absolute, FALSE);
+ }
+
if (g_spawn_command_line_sync (exec, &output, NULL, NULL, NULL)) {
engines_node = ibus_xml_parse_buffer (output);
g_free (output);
diff --git a/ui/gtk3/gtkextension.xml.in b/ui/gtk3/gtkextension.xml.in
index b8157c9..fc945ab 100644
--- a/ui/gtk3/gtkextension.xml.in
+++ b/ui/gtk3/gtkextension.xml.in
@@ -3,7 +3,7 @@
<component>
<name>org.freedesktop.IBus.Panel.Extension</name>
<description>Gtk Panel Extension Component</description>
- <exec>@libexecdir@/ibus-extension-gtk3</exec>
+ <exec>ibus-extension-gtk3</exec>
<version>@VERSION@</version>
<author>Takao Fujiwara <takao.fujiwara1 <at> gmail.com></author>
<license>GPL</license>
diff --git a/ui/gtk3/gtkpanel.xml.in b/ui/gtk3/gtkpanel.xml.in
index b61f400..2175b93 100644
--- a/ui/gtk3/gtkpanel.xml.in
+++ b/ui/gtk3/gtkpanel.xml.in
@@ -3,7 +3,7 @@
<component>
<name>org.freedesktop.IBus.Panel</name>
<description>Gtk Panel Component</description>
- <exec>@libexecdir@/ibus-ui-gtk3</exec>
+ <exec>ibus-ui-gtk3</exec>
<version>@VERSION@</version>
<author>Peng Huang <shawn.p.huang <at> gmail.com></author>
<license>GPL</license>
bug-guix <at> gnu.org:bug#47576; Package guix.
(Tue, 20 Apr 2021 14:52:01 GMT) Full text and rfc822 format available.Message #31 received at 47576 <at> debbugs.gnu.org (full text, mbox):
From: Ricardo Wurmus <rekado <at> elephly.net> To: 47576 <at> debbugs.gnu.org Subject: [security] ibus-daemon launches ungrafted subprocesses Date: Tue, 20 Apr 2021 16:51:08 +0200
merge 47576 22707 thanks Ludo, the patch looks good to me. However, many ibus input methods are not provided by the ibus package itself, so for ibus-anthy or ibus-libpinyin we would need a different mechanism. Would it make sense to introduce another environment variable (e.g. GUIX_IBUS_COMPONENTS_PATH) that specifies a search path on which components are looked up? I feel that this partially defeats the purpose of having a cache, so perhaps this is nonsensical. What do you think? -- Ricardo
bug-guix <at> gnu.org:bug#47576; Package guix.
(Tue, 20 Apr 2021 21:27:02 GMT) Full text and rfc822 format available.Message #34 received at 47576 <at> debbugs.gnu.org (full text, mbox):
From: Ludovic Courtès <ludo <at> gnu.org> To: Ricardo Wurmus <rekado <at> elephly.net> Cc: 47576 <at> debbugs.gnu.org Subject: Re: bug#47576: [security] ibus-daemon launches ungrafted subprocesses Date: Tue, 20 Apr 2021 23:26:14 +0200
[Message part 1 (text/plain, inline)]
Ricardo Wurmus <rekado <at> elephly.net> skribis: > Ludo, the patch looks good to me. However, many ibus input methods > are not provided by the ibus package itself, so for ibus-anthy or > ibus-libpinyin we would need a different mechanism. Right. > Would it make sense to introduce another environment variable > (e.g. GUIX_IBUS_COMPONENTS_PATH) that specifies a search path on > which components are looked up? I feel that this partially defeats > the purpose of having a cache, so perhaps this is nonsensical. That makes sense to me. Attached is a variant of the previous patch that supports GUIX_IBUS_COMPONENTS_DIRECTORY (not PATH because… it’s complicated). It would be set to $HOME/.guix-profile/libexec. We then need to modify the XML files of ibus-anthy, ibus-libpinyin, etc. so that their <exec> tags use relative file names. Thoughts? Ludo’. PS: IBus still builds with the patch, but that’s all I can say. :-)
[ibus.patch (text/x-patch, inline)]
diff --git a/conf/dconf/dconf.xml.in b/conf/dconf/dconf.xml.in
index 4205cb0..538f500 100644
--- a/conf/dconf/dconf.xml.in
+++ b/conf/dconf/dconf.xml.in
@@ -3,7 +3,7 @@
<component>
<name>org.freedesktop.IBus.Config</name>
<description>Dconf Config Component</description>
- <exec>@libexecdir@/ibus-dconf</exec>
+ <exec>ibus-dconf</exec>
<version>@VERSION@</version>
<author>Daiki Ueno <ueno <at> unixuser.org></author>
<license>GPL</license>
diff --git a/conf/memconf/memconf.xml.in b/conf/memconf/memconf.xml.in
index d6ea690..9f51bcc 100644
--- a/conf/memconf/memconf.xml.in
+++ b/conf/memconf/memconf.xml.in
@@ -2,7 +2,7 @@
<component>
<name>org.freedesktop.IBus.Config</name>
<description>On-memory Config Component</description>
- <exec>@libexecdir@/ibus-memconf</exec>
+ <exec>ibus-memconf</exec>
<version>@VERSION@</version>
<author>Peng Huang <shawn.p.huang <at> gmail.com>, modified by the Chromium OS Authors</author>
<license>GPL</license>
diff --git a/engine/simple.xml.in b/engine/simple.xml.in
index fc1541e..47cbea1 100644
--- a/engine/simple.xml.in
+++ b/engine/simple.xml.in
@@ -2,7 +2,7 @@
<component>
<name>org.freedesktop.IBus.Simple</name>
<description>A table based simple engine</description>
- <exec>@libexecdir@/ibus-engine-simple</exec>
+ <exec>ibus-engine-simple</exec>
<version>@VERSION@</version>
<author>Peng Huang <shawn.p.huang <at> gmail.com></author>
<license>GPL</license>
diff --git a/src/Makefile.am b/src/Makefile.am
index a8e3d07..2c461ee 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -49,6 +49,7 @@ AM_CPPFLAGS = \
@GLIB2_CFLAGS@ \
@GOBJECT2_CFLAGS@ \
@GIO2_CFLAGS@ \
+ -DLIBEXECDIR=\"$(libexecdir)\" \
-DIBUS_CACHE_DIR=\""$(localstatedir)/cache/ibus"\" \
-DIBUS_DATA_DIR=\"$(pkgdatadir)\" \
-DIBUS_DISABLE_DEPRECATION_WARNINGS \
diff --git a/src/Makefile.in b/src/Makefile.in
index 2a9c2ab..c3dfd87 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -613,6 +613,7 @@ CLEANFILES = $(am__append_2) $(BUILT_SOURCES) stamp-ibusmarshalers.h \
# C preprocessor flags
AM_CPPFLAGS = -DG_LOG_DOMAIN=\"IBUS\" @GLIB2_CFLAGS@ @GOBJECT2_CFLAGS@ \
@GIO2_CFLAGS@ \
+ -DLIBEXECDIR=\"$(libexecdir)\" \
-DIBUS_CACHE_DIR=\""$(localstatedir)/cache/ibus"\" \
-DIBUS_DATA_DIR=\"$(pkgdatadir)\" \
-DIBUS_DISABLE_DEPRECATION_WARNINGS -DIBUS_COMPILATION \
diff --git a/src/ibuscomponent.c b/src/ibuscomponent.c
index 9837f47..ca875bd 100644
--- a/src/ibuscomponent.c
+++ b/src/ibuscomponent.c
@@ -613,16 +613,45 @@ ibus_component_parse_engines (IBusComponent *component,
}
if (exec != NULL) {
- gchar *output = NULL;
- if (g_spawn_command_line_sync (exec, &output, NULL, NULL, NULL)) {
- engines_node = ibus_xml_parse_buffer (output);
- g_free (output);
-
- if (engines_node) {
- if (g_strcmp0 (engines_node->name, "engines") == 0) {
- node = engines_node;
+ gint argc;
+ gchar **argv;
+
+ if (g_shell_parse_argv (exec, &argc, &argv, NULL)) {
+ gchar *output = NULL;
+ gchar *program = argv[0];
+
+ if (program[0] != '/') {
+ /* PROGRAM is a relative file name, so assume it's the name
+ of an executable in LIBEXECDIR or
+ $GUIX_IBUS_COMPONENTS_DIRECTORY and expand it. */
+ const gchar *directory;
+ gchar *absolute;
+
+ directory = g_getenv ("GUIX_IBUS_COMPONENTS_DIRECTORY") ?: LIBEXECDIR;
+ absolute = g_malloc (strlen (directory) + strlen (program) + 2);
+ strcpy (absolute, directory);
+ strcat (absolute, "/");
+ strcat (absolute, program);
+
+ g_free (program);
+ argv[0] = absolute;
+ }
+
+ if (g_spawn_sync (NULL, argv, NULL,
+ G_SPAWN_DEFAULT, NULL, NULL,
+ &output, NULL, /* stdout, stderr */
+ NULL, NULL)) {
+ engines_node = ibus_xml_parse_buffer (output);
+ g_free (output);
+
+ if (engines_node) {
+ if (g_strcmp0 (engines_node->name, "engines") == 0) {
+ node = engines_node;
+ }
}
}
+
+ g_strfreev (argv);
}
}
diff --git a/ui/gtk3/gtkextension.xml.in b/ui/gtk3/gtkextension.xml.in
index b8157c9..fc945ab 100644
--- a/ui/gtk3/gtkextension.xml.in
+++ b/ui/gtk3/gtkextension.xml.in
@@ -3,7 +3,7 @@
<component>
<name>org.freedesktop.IBus.Panel.Extension</name>
<description>Gtk Panel Extension Component</description>
- <exec>@libexecdir@/ibus-extension-gtk3</exec>
+ <exec>ibus-extension-gtk3</exec>
<version>@VERSION@</version>
<author>Takao Fujiwara <takao.fujiwara1 <at> gmail.com></author>
<license>GPL</license>
diff --git a/ui/gtk3/gtkpanel.xml.in b/ui/gtk3/gtkpanel.xml.in
index b61f400..2175b93 100644
--- a/ui/gtk3/gtkpanel.xml.in
+++ b/ui/gtk3/gtkpanel.xml.in
@@ -3,7 +3,7 @@
<component>
<name>org.freedesktop.IBus.Panel</name>
<description>Gtk Panel Component</description>
- <exec>@libexecdir@/ibus-ui-gtk3</exec>
+ <exec>ibus-ui-gtk3</exec>
<version>@VERSION@</version>
<author>Peng Huang <shawn.p.huang <at> gmail.com></author>
<license>GPL</license>
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.