Bug 436106 - x11-libs/libtinynotify-systemwide no longer works with dbus' dbus-1.6.4-CVE-2012-3524* patch
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Michał Górny
Reported: 2012-09-24 13:41 UTC by Michał Górny
Modified: 2012-09-24 18:09 UTC
Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2012-09-24 13:41:57 UTC
$ tinynotify-send -w dupa
Connecting to D-Bus failed: Unable to autolaunch when setuid

https://bitbucket.org/mgorny/libtinynotify-systemwide/src/master/lib/tinynotify-systemwide.c

I'd appreciate if someone helped me make it work now...
Comment 1 Samuli Suominen (RETIRED) gentoo-dev 2012-09-24 13:44:45 UTC
normal `notify-send` works fine here...
Comment 2 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2012-09-24 13:47:15 UTC
(In reply to comment #1)
> normal `notify-send` works fine here...

No, it won't. Try it as root. That's a case for libtinynotify-systemwide.
Comment 3 Samuli Suominen (RETIRED) gentoo-dev 2012-09-24 13:51:18 UTC
you have dbus covering your X11 session, right?

 ps -C dbus-launch
  PID TTY          TIME CMD
10129 tty1     00:00:00 dbus-launch

$ export |grep DBUS
declare -x DBUS_SESSION_BUS_ADDRESS="unix:abstract=/tmp/dbus-HsImV5Woja,guid=e8b284b1533869ec04b157c2505d9e08"

as in, ~/.xinitrc has something like "dbus-launch --exit-with-session openbox-session" (just a crude example)
Comment 4 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2012-09-24 13:53:10 UTC
(In reply to comment #3)
> you have dbus covering your X11 session, right?

Yes.
Comment 5 Samuli Suominen (RETIRED) gentoo-dev 2012-09-24 13:55:21 UTC
su, sudo -s, sudo -i, ... every time it keeps working here, and nobody would run X11 as root (so I don't know what to tell you, tested with 3 different desktops and with lightdm and startx)
Comment 6 Samuli Suominen (RETIRED) gentoo-dev 2012-09-24 13:57:51 UTC
(In reply to comment #5)
> su, sudo -s, sudo -i, ... every time it keeps working here, and nobody would
> run X11 as root (so I don't know what to tell you, tested with 3 different
> desktops and with lightdm and startx)

(tested obviously with normal libnotify, not touching this tinynotify stuff, sorry)
Comment 7 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2012-09-24 14:06:47 UTC
(In reply to comment #6)
> (In reply to comment #5)
> > su, sudo -s, sudo -i, ... every time it keeps working here, and nobody would
> > run X11 as root (so I don't know what to tell you, tested with 3 different
> > desktops and with lightdm and startx)
> 
> (tested obviously with normal libnotify, not touching this tinynotify stuff,
> sorry)

I guess I'll have to end up forking and dropping privileges completely rather than using setresuid() to maintain ability to switch back... or I could use capabilities.
Comment 8 Samuli Suominen (RETIRED) gentoo-dev 2012-09-24 14:08:39 UTC
might try applying this on top of =dev-libs/glib-2.32* and retest,

http://pkgs.fedoraproject.org/cgit/glib2.git/diff/0001-CVE-2012-3524-Hardening-for-being-run-in-a-setuid-en.patch?h=f17

the better fix should be in 2.34, the dbus patch is also only temporary and I'm dropping it from the next release...
Comment 9 Samuli Suominen (RETIRED) gentoo-dev 2012-09-24 14:15:04 UTC
seen https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3524 ?
Comment 10 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2012-09-24 14:26:01 UTC
I don't think either is really relevant. I guess I was using the hole which is now closed. I can use the other one which will work until someone notices 'hey, capabilities provide yet another hole!' or just start forking like crazy.
Comment 11 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2012-09-24 18:09:55 UTC
Ok, fixed through forking in -0.1.
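
The approach named in comment 7 (fork, then drop privileges completely in the child instead of keeping a saved UID to switch back to), as an added example that is not libtinynotify-systemwide's own code. The function names `drop_privileges`, `run_as_user` and `ids_collapsed` are hypothetical, and the sample job only inspects the child's IDs where a real caller would do its D-Bus work.

```c
#define _GNU_SOURCE            /* setresuid(), getresuid(), setgroups() */
#include <grp.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently become uid/gid: real, effective and saved IDs all change. */
static int drop_privileges(uid_t uid, gid_t gid)
{
    uid_t r, e, s;
    gid_t rg, eg, sg;
    /* Supplementary groups can only be cleared while leaving root. */
    if (geteuid() == 0 && uid != 0 && setgroups(1, &gid) != 0)
        return -1;
    /* Group first: once the UID is gone we may not change groups. */
    if (setresgid(gid, gid, gid) != 0 || setresuid(uid, uid, uid) != 0)
        return -1;
    /* Verify instead of trusting return codes: a leftover saved ID is a way back. */
    if (getresuid(&r, &e, &s) != 0 || r != uid || e != uid || s != uid)
        return -1;
    if (getresgid(&rg, &eg, &sg) != 0 || rg != gid || eg != gid || sg != gid)
        return -1;
    return (uid != 0 && setuid(0) == 0) ? -1 : 0;  /* root must be unreachable */
}

/* Sample job: 0 if real, effective and saved UID are all the same. */
static int ids_collapsed(void)
{
    uid_t r, e, s;
    return (getresuid(&r, &e, &s) == 0 && r == e && e == s) ? 0 : 1;
}

/* Fork, drop privileges in the child only, run job() there. Returns 0 or 1
 * from the job, 127 if the drop failed, -1 on fork/wait errors. The parent
 * keeps its own IDs untouched. */
static int run_as_user(uid_t uid, gid_t gid, int (*job)(void))
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(drop_privileges(uid, gid) != 0 ? 127 : job() != 0);
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* Constructed demo: target the invoking user's real IDs. */
int main(void) { return run_as_user(getuid(), getgid(), ids_collapsed); }
```

In a set-uid binary the target would be the real UID and GID of the invoking user, while the parent stays privileged for whatever it still has to do.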