- commit
- 46fb2ad1d8f37dd093d9f1d22441982b651796e1
- parent
- fb642beae70b0d249fe6766a06dcbe84227e1e6f
- Author
- Tobias Bengfort <tobias.bengfort@posteo.de>
- Date
- 2024-08-17 15:09
portal: use client supplied app_id

Saying that the request is coming from "host" in the prompt is confusing, because it seems to imply that the app is not sandboxed.

The client supplied app_id comes from an untrusted source. Still, it is safe to use it because:
- Requests from sandboxed applications to this interface get denied
- This interface only allows access to the secret with application=org.freedesktop.portal.Secret
Diffstat
| M | xikeyring/dbus.py | 10 | ++++------ |
1 files changed, 4 insertions, 6 deletions
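--- a/xikeyring/dbus.py
+++ b/xikeyring/dbus.py
@@ -373,14 +373,12 @@ class DBusService(BaseDBusService):
     def secret_get_version(self, conn, sender, path):
         return GLib.Variant('u', 1)
 
-    def secret_retrieve_secret(self, conn, sender, path, handle, client_app_id, fd, options):
+    def secret_retrieve_secret(self, conn, sender, path, handle, app_id, fd, options):
         reg_id = self.register_object(conn, handle, 'org.freedesktop.impl.portal.Request')
         try:
-            app_id = self.get_app_id(conn, sender)
-            attrs = {
-                'application': 'org.freedesktop.portal.Secret',
-                'app_id': client_app_id,
-            }
+            if self.get_app_id(conn, sender):
+                raise AccessDeniedError
+            attrs = {'application': 'org.freedesktop.portal.Secret'}
             ids = self.keyring.search_items(app_id, attrs)
             if ids:
                 secret = self.keyring.get_secret(app_id, ids[0])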
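Review bot: In the new `secret_retrieve_secret`, `app_id` comes straight from the caller and is passed to `self.keyring.search_items(app_id, attrs)` and `self.keyring.get_secret(app_id, ids[0])`, while the only gate in front of it, `if self.get_app_id(conn, sender): raise AccessDeniedError`, rejects sandboxed senders but does not establish that the sender is the portal frontend. Any unsandboxed process on the bus can therefore name an arbitrary application, and if the keyring shows this value in its prompt (as the commit message suggests), the user sees a caller-chosen name. I would record that trust assumption next to the check, e.g. `# app_id is caller-supplied and unauthenticated: only unsandboxed senders get here, so it is a label for lookup and prompting, not proof of identity`, and confirm the value is a well-formed application ID before the lookup if the keyring uses it as a key or path component (not visible here). The `try:` block continues past the end of the hunk, so it is worth confirming that `AccessDeniedError` raised inside it reaches the caller as a D-Bus error rather than being absorbed by a later `except`.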