Invalid UTF-8 GLib warning when running specially crafted command with pkexec #559

@vejkse

Describe the bug

If I pass specially crafted arguments with some non-ASCII characters to programs run with pkexec, I get this warning:

(process:43224): GLib-CRITICAL **: 12:37:52.308: g_variant_new_string(): requires valid UTF-8

This doesn’t prevent authentication and/or the normal execution of the command.

To Reproduce

Steps to reproduce the behavior:

  1. Create an empty executable /usr/local/bin/abcdefghi.
  2. Run pkexec abcdefghi __________________ö____________________é______________
  3. The warning (process:49007): GLib-CRITICAL **: 13:07:10.968: g_variant_new_string(): requires valid UTF-8 appears twice, then I’m asked to authenticate myself.

Notes:

  • The program full path must have at least 24 characters.
  • The special argument can also be the second, the third, etc.
  • The special argument must have exactly 54 characters (a bit less or a bit more and I cannot reproduce the bug — it’s possible that very different lengths would work).
  • The special argument must have a non-ASCII character in the 19th position, and another non-ASCII character in any of the following positions. The other characters can be “anything”.
  • The program /usr/local/bin/abcdefghi must exist; if it doesn’t, the warning doesn’t appear.
  • The warning appears twice if an authentication is required, but only once if not.
  • The program runs afterward, so this is not a blocking error.

(I was quite lucky to stumble upon an argument that matches these conditions!)

Expected behavior

No such warning.

Desktop (please complete the following information):

  • OS (including version): Linux 6.14.3-arch1-1
  • Desktop Environment [Gnome, KDE, ...]: XMonad
  • Version of polkit: 126

Please...

Here’s the output of journalctl -u polkit.service for one such run (the failure of authentication is because I cancelled):

Apr 30 13:13:34 arckse2 polkitd[1010]: Registered Authentication Agent for unix-process:49886:2140794 (system bus name :1.855 [pkexec abcdefghi __________________ö____________________é______________], object path /org/freedesktop/PolicyKi>
Apr 30 13:13:35 arckse2 polkitd[1010]: Unregistered Authentication Agent for unix-process:49886:2140794 (system bus name :1.855, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Apr 30 13:13:35 arckse2 polkitd[1010]: Operator of unix-process:49886:2140794 FAILED to authenticate to gain authorization for action org.freedesktop.policykit.exec for unix-process:49886:2140794 [/bin/bash] (owned by unix-user:vejkse)
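
The warning names a precondition: g_variant_new_string() requires valid UTF-8. As an added example (not part of the report, and not polkit or GLib code), the C program below checks every byte-length prefix of an argument shaped like the one in the report and shows that the whole string is valid UTF-8 while a prefix ending inside ö or é is not. The argument is constructed from the report's description (54 characters, non-ASCII at position 19, the é position chosen here); whether any such byte-length cut happens in pkexec is an assumption the report does not establish.

```c
#include <stdio.h>
#include <string.h>

/* Strict UTF-8 check over exactly n bytes (no cut-off sequences, overlongs or surrogates). */
static int utf8_valid(const unsigned char *s, size_t n) {
    size_t i = 0, need;
    while (i < n) {
        unsigned long cp, min;
        unsigned char c = s[i];
        if (c < 0x80) { i++; continue; }
        if ((c & 0xE0) == 0xC0)      { need = 1; cp = c & 0x1F; min = 0x80; }
        else if ((c & 0xF0) == 0xE0) { need = 2; cp = c & 0x0F; min = 0x800; }
        else if ((c & 0xF8) == 0xF0) { need = 3; cp = c & 0x07; min = 0x10000; }
        else return 0;                      /* stray continuation or invalid lead byte */
        if (n - i - 1 < need) return 0;     /* multi-byte sequence cut off by the end */
        for (size_t k = 1; k <= need; k++) {
            if ((s[i + k] & 0xC0) != 0x80) return 0;
            cp = (cp << 6) | (s[i + k] & 0x3F);
        }
        if (cp < min || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return 0;
        i += need + 1;
    }
    return 1;
}

/* Constructed sample: 18 '_' + "ö" + 20 '_' + "é" + 14 '_' = 54 characters, 56 bytes. */
static size_t build_arg(unsigned char *buf) {
    memset(buf, '_', 56);
    memcpy(buf + 18, "\xC3\xB6", 2);        /* ö (U+00F6) as the 19th character */
    memcpy(buf + 40, "\xC3\xA9", 2);        /* é (U+00E9) later in the string */
    return 56;
}

/* Count the byte-length prefixes of s that are invalid UTF-8; *first gets the shortest one. */
static size_t count_bad_prefixes(const unsigned char *s, size_t n, size_t *first) {
    size_t bad = 0;
    for (size_t len = 0; len <= n; len++) {
        if (utf8_valid(s, len)) continue;
        if (bad++ == 0) *first = len;
    }
    return bad;
}

int main(void) {
    unsigned char arg[64];
    size_t first = 0, n = build_arg(arg), bad = count_bad_prefixes(arg, n, &first);
    printf("bytes=%zu whole_valid=%d bad_prefixes=%zu first_bad=%zu\n", n, utf8_valid(arg, n), bad, first);
    return 0;
}
```

Code that shortens or copies a string by byte count can run the same check on the result before handing it to an API with this precondition.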
