    Hardening: only accept Stats function calls at the canonical object path · eec885de
    Simon McVittie authored
    These function calls are not a privilege escalation risk like
    UpdateActivationEnvironment, but they might provide sensitive
    information or be enhanced to provide sensitive information
    in future, so the default system.conf locks them down to root-only.
    Apply the same canonical-object-path hardening as for
    UpdateActivationEnvironment.
    
    We do not apply the uid check here because they are less dangerous
    than UpdateActivationEnvironment, and because the ability to unlock
    these function calls for specific uids is a documented configuration
    for developers.
    Reviewed-by: Thiago Macieira <thiago@kde.org>
    [added missing #include; extended commit message -smcv]
stats.c 7.47 KB
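
The layering the commit message describes, as an added C example (not code from dbus's stats.c): the per-uid policy decision stays configurable, while the canonical-object-path requirement applies to every caller, root included. `check_stats_call`, `try_stats`, the `unlocked_uids` table, uid 1000 and the path `/org/example/Other` are constructed for illustration; only `/org/freedesktop/DBus` and the Stats interface name are real D-Bus names.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Real D-Bus names; everything else below is a constructed model. */
#define DBUS_PATH_DBUS  "/org/freedesktop/DBus"
#define STATS_INTERFACE "org.freedesktop.DBus.Debug.Stats"

typedef enum { CALL_OK, DENIED_BY_POLICY, DENIED_WRONG_PATH } verdict;

/* Only the message fields this check looks at. */
struct call { const char *path, *interface; uid_t sender_uid; };

/* Hypothetical policy: root, plus one uid unlocked for a developer. */
static const uid_t unlocked_uids[] = { 1000 };

static bool policy_allows_stats(uid_t uid)
{
    if (uid == 0)
        return true;
    for (size_t i = 0; i < sizeof unlocked_uids / sizeof *unlocked_uids; i++)
        if (unlocked_uids[i] == uid)
            return true;
    return false;
}

verdict check_stats_call(const struct call *c)
{
    if (strcmp(c->interface, STATS_INTERFACE) != 0)
        return CALL_OK;                 /* not a Stats call: out of scope */
    if (!policy_allows_stats(c->sender_uid))
        return DENIED_BY_POLICY;        /* configurable, per-uid */
    /* Hardening: fixed path requirement, deliberately independent of uid. */
    if (c->path == NULL || strcmp(c->path, DBUS_PATH_DBUS) != 0)
        return DENIED_WRONG_PATH;
    return CALL_OK;
}

/* Convenience wrapper: a Stats call from `uid` addressed to `path`. */
verdict try_stats(uid_t uid, const char *path)
{
    struct call c = { path, STATS_INTERFACE, uid };
    return check_stats_call(&c);
}

int main(void)
{
    printf("%d %d %d\n", try_stats(1000, DBUS_PATH_DBUS),
           try_stats(1000, "/org/example/Other"), try_stats(1001, DBUS_PATH_DBUS));
    return 0;
}
```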