- Aug 25, 2015
-
-
Simon McVittie authored
-
Simon McVittie authored
libcap-ng < 0.7.7 leaks one non-close-on-exec fd during initialization. test-bus asserts that all fds beyond 2 passed to an executed subprocess have the close-on-exec flag set, which will fail at that leaked fd. This was unnoticed until commit 517c4685, because libaudit was previously only initialized if we were configured to switch uid, which the regression tests do not do; the system bus is normally the only place that happens, but the system bus is not normally run with the "embedded tests" enabled (since they are bad for performance and security). Bug: https://bugs.freedesktop.org/show_bug.cgi?id=91684 Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
-
Simon McVittie authored
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=91684 Reviewed-by: Tyler Hicks <tyhicks@canonical.com>
-
- Aug 06, 2015
-
-
Simon McVittie authored
-
Simon McVittie authored
-
Simon McVittie authored
-
Laurent Bigonville authored
This will effectively print a warning when failing to open the audit socket running as a session bus. The call to audit_open() should succeed even if the dbus-daemon doesn't have the CAP_AUDIT_WRITE capability. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83856 Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
-
Laurent Bigonville authored
If SELinux is enabled on the system, dbus will check the permissions but no audit trails will be generated in case of denial as the audit subsystem is not initialized. Same should apply for apparmor. [smcv: without audit, the equivalent of the audit trail goes to stderr where it can be picked up by systemd-journald] A unprivileged user should be able to open the audit socket (audit_open()) but should not have the permissions to log an audit trail. The CAP_AUDIT_WRITE file capability could be set on the dbus-daemon executable in order to allow the session bus to log an AVC denial. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83856 [smcv: s/should/could/ in commit message to reflect lack of consensus that "setcap cap_audit_write+ep dbus-daemon" is desirable in general] Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
-
Simon McVittie authored
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89225 Reviewed-by: Colin Walters <walters@verbum.org> Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
-
Simon McVittie authored
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89225 Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
-
Simon McVittie authored
This fixes various duplicated libaudit interactions in both SELinux and AppArmor code paths, including opening two audit sockets if both SELinux and AppArmor were enabled at compile time. In particular, audit.c is now the only user of libcap-ng. This commit is not intended to introduce any functional changes, except for the de-duplication. The actual audit_log_user_avc_message() call is still duplicated, because the SELinux and AppArmor code paths use different mechanisms to compose the audit message: the SELinux path uses a statically-sized buffer on the stack which might be subject to truncation, whereas the AppArmor path uses malloc() (via DBusString) and falls back to using syslog on a memory allocation failure. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89225 Reviewed-by: Colin Walters <walters@verbum.org> [smcv: minor issues raised during review are subsequently fixed] Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
-
Rolland Dudemaine authored
[smcv: added commit message; moved fallback implementation below definition of DBusPollable; more comments; removed unnecessary cast] Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90314 Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
-
- Jul 21, 2015
-
-
Simon McVittie authored
-
Simon McVittie authored
-
Simon McVittie authored
-
Simon McVittie authored
Conflicts: .gitignore NEWS tools/dbus-monitor.c
-
Simon McVittie authored
-
Simon McVittie authored
A normal DBusConnection will automatically reply to o.fd.Peer messages such as Ping. We don't want this: we'll confuse everyone else by replying to messages that weren't intended for us. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90952 Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk> Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk> (cherry picked from commit d9ee040d, commit message adjusted to describe the impact in versions < 1.9) Conflicts: tools/dbus-monitor.c
-
Simon McVittie authored
(cherry picked from commit 1895a8ee)
-
Simon McVittie authored
This does not directly test the code in the previous commit, but it does confirm that calling dbus_connection_set_route_peer_messages() is enough to fix the observed bug. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90952 Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk> Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk> [smcv: re-worded commit message in response to review]
-
Simon McVittie authored
A normal DBusConnection will automatically reply to o.fd.Peer messages such as Ping. We don't want this: if we are using traditional eavesdropping with an older dbus-daemon, we'll confuse everyone else by replying to messages that weren't intended for us. If we are using the new Monitoring interface (since 1.9.12), the same still applies, but in addition, the dbus-daemon will disconnect us for not being a well-behaved monitor. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90952 Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk> Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
-
- Jul 13, 2015
-
-
Ralf Habacker authored
bus_registry_new: Assert in case of not valid context parameter to avoid potiental crashes (CID 54764). Because the context parameter is dereferenced several times in related code without a null check, we need to make sure to have a valid context. Reported by Coverity: CID 54764: Dereference after null check (FORWARD_NULL) Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90021 Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
-
- Jun 17, 2015
-
-
Simon McVittie authored
Conflicts: NEWS
-
Simon McVittie authored
-
Jacek Bukarewicz authored
Reply message was not unreferenced when GetConnectionCredentials handler was successful. Signed-off-by: Jacek Bukarewicz <j.bukarewicz@samsung.com> [smcv: changed bus_message_unref() to dbus_message_unref()] Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk> Bug: https://bugs.freedesktop.org/show_bug.cgi?id=91008
-
Simon McVittie authored
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89280 Reviewed-by: Dimitri John Ledkov <dimitri.j.ledkov@intel.com>
-
Simon McVittie authored
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89280 Reviewed-by: Dimitri John Ledkov <dimitri.j.ledkov@intel.com>
-
- May 27, 2015
-
-
Simon McVittie authored
-
Dimitri John Ledkov authored
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89280 Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
-
Dimitri John Ledkov authored
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89280 Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
-
Simon McVittie authored
-
- May 14, 2015
-
-
Simon McVittie authored
-
Simon McVittie authored
-
Simon McVittie authored
Conflicts: NEWS
-
Simon McVittie authored
-
Simon McVittie authored
Conflicts: NEWS cmake/CMakeLists.txt configure.ac
-
Simon McVittie authored
This is more robust against broken setups where we run out of memory or cannot read /dev/urandom. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90414 Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de> [smcv: document @Error] Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
-
Simon McVittie authored
Previously, this would always succeed, but might use weak random numbers in rare failure cases. I don't think these UUIDs are security-sensitive, but if they're generated by a PRNG as weak as rand() (<= 32 bits of entropy), we certainly can't claim that they're universally unique. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90414 Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de> [smcv: document @Error] Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
-
Simon McVittie authored
This can currently only fail from OOM, but I'm about to make it possible to fail from insufficient entropy. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90414 Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de> [smcv: document @Error] Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
-
Simon McVittie authored
This can currently only fail due to OOM, but I'm about to make it possible to fail for other reasons. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90414 Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de> [smcv: correct failure to set error in one case; document @Error] Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
-