Commit e608fbd8 authored by David Edmundson's avatar David Edmundson
Browse files

Do not pass ntpUtility as an argument to datetime helper

Passing the name of a binary to run to a polkit helper is a security
risk as it allows any arbitrary process to be executed.

This patch moves the detection of ntp utility location into the helper
function.
parent 58bb376f
...@@ -246,9 +246,8 @@ void Dtime::save( QVariantMap& helperargs ) ...@@ -246,9 +246,8 @@ void Dtime::save( QVariantMap& helperargs )
helperargs["ntp"] = true; helperargs["ntp"] = true;
helperargs["ntpServers"] = list; helperargs["ntpServers"] = list;
helperargs["ntpEnabled"] = setDateTimeAuto->isChecked(); helperargs["ntpEnabled"] = setDateTimeAuto->isChecked();
helperargs["ntpUtility"] = ntpUtility;
if(setDateTimeAuto->isChecked() && !ntpUtility.isEmpty()){ if(setDateTimeAuto->isChecked()) {
// NTP Time setting - done in helper // NTP Time setting - done in helper
timeServer = timeServerList->currentText(); timeServer = timeServerList->currentText();
kDebug() << "Setting date from time server " << timeServer; kDebug() << "Setting date from time server " << timeServer;
......
...@@ -52,8 +52,7 @@ ...@@ -52,8 +52,7 @@
// clears it. So we have to use a reasonable default. // clears it. So we have to use a reasonable default.
static const QString exePath = QLatin1String("/usr/sbin:/usr/bin:/sbin:/bin"); static const QString exePath = QLatin1String("/usr/sbin:/usr/bin:/sbin:/bin");
int ClockHelper::ntp( const QStringList& ntpServers, bool ntpEnabled, int ClockHelper::ntp( const QStringList& ntpServers, bool ntpEnabled )
const QString& ntpUtility )
{ {
int ret = 0; int ret = 0;
...@@ -69,6 +68,11 @@ int ClockHelper::ntp( const QStringList& ntpServers, bool ntpEnabled, ...@@ -69,6 +68,11 @@ int ClockHelper::ntp( const QStringList& ntpServers, bool ntpEnabled,
config.writeEntry("servers", ntpServers ); config.writeEntry("servers", ntpServers );
config.writeEntry("enabled", ntpEnabled ); config.writeEntry("enabled", ntpEnabled );
QString ntpUtility = QStandardPaths::findExecutable("ntpdate");
if (!ntpUtility) {
ntpUtility = QStandardPaths::findExecutable("rdate");
}
if ( ntpEnabled && !ntpUtility.isEmpty() ) { if ( ntpEnabled && !ntpUtility.isEmpty() ) {
// NTP Time setting // NTP Time setting
QString timeServer = ntpServers.first(); QString timeServer = ntpServers.first();
...@@ -234,7 +238,7 @@ ActionReply ClockHelper::save(const QVariantMap &args) ...@@ -234,7 +238,7 @@ ActionReply ClockHelper::save(const QVariantMap &args)
int ret = 0; // error code int ret = 0; // error code
// The order here is important // The order here is important
if( _ntp ) if( _ntp )
ret |= ntp( args.value("ntpServers").toStringList(), args.value("ntpEnabled").toBool(), args.value("ntpUtility").toString() ); ret |= ntp( args.value("ntpServers").toStringList(), args.value("ntpEnabled").toBool());
if( _date ) if( _date )
ret |= date( args.value("newdate").toString(), args.value("olddate").toString() ); ret |= date( args.value("newdate").toString(), args.value("olddate").toString() );
if( _tz ) if( _tz )
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment