1. 23 Aug, 2013 1 commit
  2. 12 Jun, 2013 1 commit
  3. 10 May, 2013 1 commit
  4. 08 Apr, 2013 1 commit
  5. 12 Feb, 2013 1 commit
  6. 28 Sep, 2012 2 commits
    • Colin Walters's avatar
      CVE-2012-3524: Don't access environment variables or run dbus-launch when setuid · a52319bc
      Colin Walters authored
      This matches a corresponding change in GLib.  See
      glib/gutils.c:g_check_setuid().
      
      Some programs attempt to use libdbus when setuid; notably the X.org
      server is shipped in such a configuration. libdbus never had an
      explicit policy about its use in setuid programs.
      
      I'm not sure whether we should advertise such support.  However, given
      that there are real-world programs that do this currently, we can make
      them safer with not too much effort.
      
      Better to fix a problem caused by an interaction between two
      components in *both* places if possible.
      
      How to determine whether or not we're running in a privilege-escalated
      path is operating system specific.  Note that GTK+'s code to check
      euid versus uid worked historically on Unix, more modern systems have
      filesystem capabilities and SELinux domain transitions, neither of
      which are captured by the uid comparison.
      
      On Linux/glibc, the way this works is that the kernel sets an
      AT_SECURE flag in the ELF auxiliary vector, and glibc looks for it on
      startup.  If found, then glibc sets a public-but-undocumented
      __libc_enable_secure variable which we can use.  Unfortunately, while
      it *previously* worked to check this variable, a combination of newer
      binutils and RPM break it:
      http://www.openwall.com/lists/owl-dev/2012/08/14/1
      
      So for now on Linux/glibc, we fall back to the historical Unix version
      until we get glibc fixed.
      
      On some BSD variants, there is a issetugid() function.  On other Unix
      variants, we fall back to what GTK+ has been doing.
      Reported-by: default avatarSebastian Krahmer <krahmer@suse.de>
      Signed-off-by: Colin Walters's avatarColin Walters <walters@verbum.org>
      a52319bc
    • Colin Walters's avatar
      CVE-2012-3524: Don't access environment variables or run dbus-launch when setuid · 23fe78ce
      Colin Walters authored
      This matches a corresponding change in GLib.  See
      glib/gutils.c:g_check_setuid().
      
      Some programs attempt to use libdbus when setuid; notably the X.org
      server is shipped in such a configuration. libdbus never had an
      explicit policy about its use in setuid programs.
      
      I'm not sure whether we should advertise such support.  However, given
      that there are real-world programs that do this currently, we can make
      them safer with not too much effort.
      
      Better to fix a problem caused by an interaction between two
      components in *both* places if possible.
      
      How to determine whether or not we're running in a privilege-escalated
      path is operating system specific.  Note that GTK+'s code to check
      euid versus uid worked historically on Unix, more modern systems have
      filesystem capabilities and SELinux domain transitions, neither of
      which are captured by the uid comparison.
      
      On Linux/glibc, the way this works is that the kernel sets an
      AT_SECURE flag in the ELF auxiliary vector, and glibc looks for it on
      startup.  If found, then glibc sets a public-but-undocumented
      __libc_enable_secure variable which we can use.  Unfortunately, while
      it *previously* worked to check this variable, a combination of newer
      binutils and RPM break it:
      http://www.openwall.com/lists/owl-dev/2012/08/14/1
      
      So for now on Linux/glibc, we fall back to the historical Unix version
      until we get glibc fixed.
      
      On some BSD variants, there is a issetugid() function.  On other Unix
      variants, we fall back to what GTK+ has been doing.
      Reported-by: default avatarSebastian Krahmer <krahmer@suse.de>
      Signed-off-by: Colin Walters's avatarColin Walters <walters@verbum.org>
      23fe78ce
  7. 12 Apr, 2012 2 commits
    • David Zeuthen's avatar
      Avoid using monotonic time in the DBUS_COOKIE_SHA1 authentication method · 87035143
      David Zeuthen authored
      When libdbus-1 moved to using monotonic time support for the
      DBUS_COOKIE_SHA1 authentication was broken, in particular
      interoperability with non-libdbus-1 implementations such as GDBus.
      
      The problem is that if monotonic clocks are available in the OS,
      _dbus_get_current_time() will not return the number of seconds since
      the Epoch so using it for DBUS_COOKIE_SHA1 will violate the D-Bus
      specification. If both peers are using libdbus-1 it's not a problem
      since both ends will use the wrong time and thus agree. However, if
      the other end is another implementation and following the spec it will
      not work.
      
      First, we change _dbus_get_current_time() back so it always returns
      time since the Epoch and we then rename it _dbus_get_real_time() to
      make this clear. We then introduce _dbus_get_monotonic_time() and
      carefully make all current users of _dbus_get_current_time() use it,
      if applicable. During this audit, one of the callers,
      _dbus_generate_uuid(), was currently using monotonic time but it was
      decided to make it use real time instead.
      Signed-off-by: default avatarDavid Zeuthen <davidz@redhat.com>
      Reviewed-by: default avatarSimon McVittie <simon.mcvittie@collabora.co.uk>
      Bug: https://bugs.freedesktop.org/show_bug.cgi?id=48580
      87035143
    • David Zeuthen's avatar
      Avoid using monotonic time in the DBUS_COOKIE_SHA1 authentication method · 8734e4a1
      David Zeuthen authored
      When libdbus-1 moved to using monotonic time support for the
      DBUS_COOKIE_SHA1 authentication was broken, in particular
      interoperability with non-libdbus-1 implementations such as GDBus.
      
      The problem is that if monotonic clocks are available in the OS,
      _dbus_get_current_time() will not return the number of seconds since
      the Epoch so using it for DBUS_COOKIE_SHA1 will violate the D-Bus
      specification. If both peers are using libdbus-1 it's not a problem
      since both ends will use the wrong time and thus agree. However, if
      the other end is another implementation and following the spec it will
      not work.
      
      First, we change _dbus_get_current_time() back so it always returns
      time since the Epoch and we then rename it _dbus_get_real_time() to
      make this clear. We then introduce _dbus_get_monotonic_time() and
      carefully make all current users of _dbus_get_current_time() use it,
      if applicable. During this audit, one of the callers,
      _dbus_generate_uuid(), was currently using monotonic time but it was
      decided to make it use real time instead.
      Signed-off-by: default avatarDavid Zeuthen <davidz@redhat.com>
      Reviewed-by: default avatarSimon McVittie <simon.mcvittie@collabora.co.uk>
      Bug: https://bugs.freedesktop.org/show_bug.cgi?id=48580
      8734e4a1
  8. 04 Jan, 2012 1 commit
    • Simon McVittie's avatar
      Revert all changes since a36d4918 · 5df8c3db
      Simon McVittie authored
      Someone seems to have merged part of master into 1.4. Again. Let's go
      back to the "last known good" point (the branch-point of some 1.4
      branches I had locally), then we can cherry-pick the changes that
      should have gone in.
      5df8c3db
  9. 24 Aug, 2011 1 commit
  10. 25 Jul, 2011 1 commit
  11. 18 Jul, 2011 1 commit
  12. 03 Feb, 2011 1 commit
  13. 29 Dec, 2010 1 commit
  14. 14 Dec, 2010 1 commit
  15. 27 Sep, 2010 1 commit
  16. 17 Jun, 2010 1 commit
    • Will Thompson's avatar
      Fix dbus-sysdeps.h on amd64, again. · d9f9c251
      Will Thompson authored
      HAVE_STDINT_H is defined in config.h, but that's not much use if
      config.h isn't included. The new file dbus/dbus-config.c includes this
      header without including config.h first, so fails to build.
      
      Since dbus-sysdeps.h is internal, we can include config.h with impunity,
      rather than relying on our callers to do so. Also, there's no need to
      include stdint.h twice.
      d9f9c251
  17. 10 Jun, 2010 1 commit
  18. 18 May, 2010 1 commit
  19. 05 May, 2010 1 commit
  20. 03 May, 2010 1 commit
  21. 21 Apr, 2010 1 commit
  22. 13 Apr, 2010 2 commits
  23. 22 Mar, 2010 1 commit
  24. 19 Mar, 2010 1 commit
  25. 16 Mar, 2010 2 commits
  26. 02 Feb, 2010 1 commit
    • Colin Walters's avatar
      Fix compilation in --disable-selinux case · 3dac125d
      Colin Walters authored
      _dbus_change_to_daemon_user moved into selinux.c for the --with-selinux
      (and audit) case because that's where all of the relevant libcap headers
      were being used.  However in the --disable-selinux case this didn't
      compile and wasn't very clean.
      
      If we don't have libaudit, use the legacy direct setgid/setuid bits
      we had before in dbus-sysdeps-util-unix.c.
      3dac125d
  27. 29 Jan, 2010 1 commit
  28. 28 Jan, 2010 1 commit
  29. 20 Dec, 2009 1 commit
  30. 18 Dec, 2009 4 commits
  31. 01 Dec, 2009 3 commits
    • Frank Osterfeld's avatar
      Windows fixes · d9e4725f
      Frank Osterfeld authored
      Replace dbus_daemon_init() by dbus_publish_session_bus_address(),
      publishing the full address. Omit username from mutexes (not necessary
      as mutex names are local to session). Don't exit if publishing the
      address failed (allow multiple session bus instances per
      session). Based on 00ee92ae314 by Tor Lillqvist.
      
      Cherry-picked from commit 23945513e9a4da61d286ebfbce3897aa061ddbfe in
      the dbus4win repository by tml@iki.fi. Remove claim of that commit not
      being merged from README.dbus4win.
      d9e4725f
    • Frank Osterfeld's avatar
      Fixes to the nonce code · 0617102b
      Frank Osterfeld authored
      Cherry-picked from commit f9bc0f4bd036f6ede5d9850fb0f8587178c85f44 in
      the dbus4win repository, slightly massaged to apply by tml@iki.fi.
      0617102b
    • Frank Osterfeld's avatar
      Cleanup of nonce code · 25ceeeb6
      Frank Osterfeld authored
      Remove the write_file function and use the existing
      _dbus_string_save_to_file, improve error handling
      
      Cherry picked from commit 0f7b026d01be7e0fd444cdb56e5f9b7a5137a062 in
      the dbus4win repository. Edited to apply and fix whitespace issues by
      tml@iki.fi.
      25ceeeb6