Commit 3f407671 authored by Simon McVittie's avatar Simon McVittie

Make uid 0 immune to pending_fd_timeout limit

This is a workaround for
<>. If a service
sends a file descriptor sufficiently frequently that its queue of
messages never goes down to 0 fds pending, then it will eventually be
disconnected. logind is one such service.

We do not currently have a good solution for this: the proposed
patches either don't work, or reintroduce a denial of service
security vulnerability (CVE-2014-3637). Neither seems desirable.
However, we can avoid the worst symptoms by trusting uid 0 not to be

Reviewed-by: Łukasz Zemczak
Tested-by: Ivan Kozik
Tested-by: Finn Herpich
Tested-by: autostatic
Tested-by: Ben Parafina
Signed-off-by: default avatarSimon McVittie <>
(cherry picked from commit d5fae1db)
[smcv: omit the test/dbus-daemon.c part, which does not apply unless
a363822f is also applied]
parent 8551c68d
......@@ -672,10 +672,24 @@ pending_unix_fds_timeout_cb (void *data)
DBusConnection *connection = data;
BusConnectionData *d = BUS_CONNECTION_DATA (connection);
unsigned long uid;
int limit;
_dbus_assert (d != NULL);
limit = bus_context_get_pending_fd_timeout (d->connections->context);
if (dbus_connection_get_unix_user (connection, &uid) && uid == 0)
bus_context_log (d->connections->context, DBUS_SYSTEM_LOG_WARNING,
"Connection \"%s\" (%s) has had Unix fds pending for "
"too long (pending_fd_timeout=%dms); tolerating it, "
"because it has uid 0",
d->name != NULL ? d->name : "(null)",
bus_connection_get_loginfo (connection),
return TRUE;
bus_context_log (d->connections->context, DBUS_SYSTEM_LOG_WARNING,
"Connection \"%s\" (%s) has had Unix fds pending for too long, "
"closing it (pending_fd_timeout=%d ms)",
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment