Always accept connections as root if unable to find an owning user

When running as root, we look through /proc to try to identify our
parent and check that it matches the user making a connection. However,
this check does not always yield useful information and also will
always fail on anything that isn't Linux. Unsure what security
implications this change has, but then it isn't ideal to run UI as
the super-user in the first place, yet users sometimes need to do so
for various reasons, and a11y needs to be enabled, so adding this
change unless a better solution is found.

diff --git a/atk-adaptor/bridge.c b/atk-adaptor/bridge.c
index 9c2117f53fb2478dc0198763dd0e3b37793fbac2..d0ca5da0d89ca100bd23a67a7ff6337bcc3221a6 100644 (file)
--- a/atk-adaptor/bridge.c
+++ b/atk-adaptor/bridge.c
@@ -661,7 +661,10 @@ user_check (DBusConnection *bus, unsigned long uid, void *data)
   if (uid == getuid () || uid == geteuid ())
     return TRUE;
   if (getuid () == 0)
-    return get_ancestral_uid (getpid ()) == uid;
+  {
+    guint ancestor = get_ancestral_uid (getpid ());
+    return (ancestor == uid || ancestor == 1 || ancestor == 0);
+  }
   return FALSE;
 }