From 242971667b66fea86d4cfb5a4d0a396e5a7b5e8b Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 11 Aug 2009 03:54:57 +0200
Subject: make CK database world readable

The CK database shall be readable by the D-Bus daemon which runs under
its own user id hence make sure it is readable for non-root processes.

To make sure this leaks no information this drops the session cookie
from the database.
---
 src/ck-manager.c        | 2 +-
 src/ck-session-leader.c | 1 -
 src/ck-session.c        | 4 ----
 3 files changed, 1 insertion(+), 6 deletions(-)

diff --git a/src/ck-manager.c b/src/ck-manager.c
index bb65d73..d5d2c65 100644
--- a/src/ck-manager.c
+++ b/src/ck-manager.c
@@ -200,7 +200,7 @@ ck_manager_dump (CkManager *manager)
                 return;
         }
 
-        fd = g_open (filename_tmp, O_CREAT | O_WRONLY, 0600);
+        fd = g_open (filename_tmp, O_CREAT | O_WRONLY, 0644);
         if (fd == -1) {
                 g_warning ("Cannot create file %s: %s", filename_tmp, g_strerror (errno));
                 goto error;
diff --git a/src/ck-session-leader.c b/src/ck-session-leader.c
index 322b7fd..3702602 100644
--- a/src/ck-session-leader.c
+++ b/src/ck-session-leader.c
@@ -689,7 +689,6 @@ ck_session_leader_dump (CkSessionLeader *session_leader,
         g_key_file_set_string (key_file, group_name, "session", session_leader->priv->session_id);
         g_key_file_set_integer (key_file, group_name, "uid", session_leader->priv->uid);
         g_key_file_set_integer (key_file, group_name, "pid", session_leader->priv->pid);
-        g_key_file_set_string (key_file, group_name, "cookie", session_leader->priv->cookie);
         g_key_file_set_string (key_file, group_name, "service_name", session_leader->priv->service_name);
 
         g_free (group_name);
diff --git a/src/ck-session.c b/src/ck-session.c
index 4009ee1..97e1ce2 100644
--- a/src/ck-session.c
+++ b/src/ck-session.c
@@ -1306,10 +1306,6 @@ ck_session_dump (CkSession *session,
                                group_name,
                                "seat",
                                NONULL_STRING (session->priv->seat_id));
-        g_key_file_set_string (key_file,
-                               group_name,
-                               "cookie",
-                               NONULL_STRING (session->priv->cookie));
         if (session->priv->session_type != NULL) {
                 g_key_file_set_string (key_file,
                                        group_name,
-- 
cgit