auth: Reject DBUS_COOKIE_SHA1 for users other than the server owner
The DBUS_COOKIE_SHA1 authentication mechanism aims to prove ownership of a shared home directory by having the server write a secret "cookie" into a .dbus-keyrings subdirectory of the desired identity's home directory with 0700 permissions, and having the client prove that it can read the cookie. This never actually worked for non-malicious clients in the case where server uid != client uid (unless the server and client both have privileges, such as Linux CAP_DAC_OVERRIDE or traditional Unix uid 0) because an unprivileged server would fail to write out the cookie, and an unprivileged client would be unable to read the resulting file owned by the server. Additionally, since dbus 1.7.10 we have checked that ~/.dbus-keyrings is owned by the uid of the server (a side-effect of a check added to harden our use of XDG_RUNTIME_DIR), further ruling out successful use by a non-malicious client with a uid differing from the server's. Joe Vennix of...
Showing with 32 additions and 0 deletions