Commit a67cb9bf authored by Simon McVittie's avatar Simon McVittie

Hardening: only allow the uid of the dbus-daemon to call UpdateActivationEnvironment

As with the previous commit, this is probably not actually privilege
escalation due to the use of an activation helper that cleans up its
environment, but let's be extra-careful here.
Reviewed-by: Thiago Macieira's avatarThiago Macieira <thiago@kde.org>
[adjusted commit message -smcv]
parent 6a3f563a
......@@ -881,6 +881,41 @@ bus_driver_handle_update_activation_environment (DBusConnection *connection,
if (!bus_driver_check_message_is_for_us (message, error))
return FALSE;
#ifdef DBUS_UNIX
{
/* UpdateActivationEnvironment is basically a recipe for privilege
* escalation so let's be extra-careful: do not allow the sysadmin
* to shoot themselves in the foot. */
unsigned long uid;
if (!dbus_connection_get_unix_user (connection, &uid))
{
bus_context_log (bus_transaction_get_context (transaction),
DBUS_SYSTEM_LOG_SECURITY,
"rejected attempt to call UpdateActivationEnvironment by "
"unknown uid");
dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
"rejected attempt to call UpdateActivationEnvironment by "
"unknown uid");
return FALSE;
}
/* On the system bus, we could in principle allow uid 0 to call
* UpdateActivationEnvironment; but they should know better anyway,
* and our default system.conf has always forbidden it */
if (!_dbus_unix_user_is_process_owner (uid))
{
bus_context_log (bus_transaction_get_context (transaction),
DBUS_SYSTEM_LOG_SECURITY,
"rejected attempt to call UpdateActivationEnvironment by uid %lu",
uid);
dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
"rejected attempt to call UpdateActivationEnvironment");
return FALSE;
}
}
#endif
activation = bus_connection_get_activation (connection);
dbus_message_iter_init (message, &iter);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment