https://bugzilla.novell.com/show_bug.cgi?id=428963
User thoenig@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=428963#c53
--- Comment #53 from Timo Hoenig
the fix looks
a) wrong b) dangerous
wrong because why should root access a user's session bus? What does root want to call there? Could it be that this is by accident and some gui su program calls su instead of su - therefore preserving DBUS_SESSION_BUS_ADDRESS?
dangerous because libdbus will autolaunch a session bus if there is none. In that case there are dbus-launch processes hanging around that expose the necessary arguments to reconstruct the session bus address. Therefore any user can gain access to the session bus.
Right, I didn't think about autolaunched session buses. As all this worked before I suspect some change in gnomesu -- however, the following works for me: $ cat print-session.sh && gnomesu ./print-session.sh #/bin/sh echo $DBUS_SESSION_BUS_ADDRESS unix:abstract=/tmp/dbus-lM4AAX8FVx,guid=9082ee69f365677be77a6f8f49057de7 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.