  • #290

Closed
Open
Created Jan 22, 2020 by Igor Zhbanov@izh

Check EGID of the client when deciding whether to send a message

Currently the D-Bus daemon checks only the primary GID and supplementary groups of a client process when deciding whether to allow it to send a message.

So if some privileged process called setegid() (and not setgid()) to launch some privileged child, then this child would be unable to use a restricted D-Bus API because it would still have an unprivileged real GID. But since all GIDs (real, effective and supplementary) should be treated equally, I suggest checking the EGID too.

There was a previous discussion of the topic here: https://bugs.freedesktop.org/show_bug.cgi?format=multiple&id=97821

Which resulted in adding support for handling supplementary groups: https://bugs.freedesktop.org/show_bug.cgi?id=103737

But the EGID is still ignored.

Edited Jan 22, 2020 by Igor Zhbanov
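
The difference between the two membership checks discussed in this issue, as an added example that is not part of the original report and not dbus-daemon code. `struct peer_creds`, `in_group_without_egid()`, `in_group_with_egid()` and `snapshot_self()` are hypothetical names; only `getgid()`, `getegid()` and `getgroups()` are real POSIX calls.

```c
#include <stdbool.h>
#include <stddef.h>
#include <sys/types.h>
#include <unistd.h>

#define MAX_GROUPS 64

/* Hypothetical model of a client's group credentials (not a dbus type). */
struct peer_creds {
    gid_t rgid;               /* real (primary) GID */
    gid_t egid;               /* effective GID, changed by setegid() */
    gid_t groups[MAX_GROUPS]; /* supplementary groups */
    size_t ngroups;
};

/* The check as the issue describes it: primary GID plus supplementary groups. */
bool in_group_without_egid(const struct peer_creds *c, gid_t wanted)
{
    if (c->rgid == wanted)
        return true;
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == wanted)
            return true;
    return false;
}

/* The check as the issue suggests it: the EGID counts as well. */
bool in_group_with_egid(const struct peer_creds *c, gid_t wanted)
{
    return c->egid == wanted || in_group_without_egid(c, wanted);
}

/* Snapshot the calling process. POSIX leaves it unspecified whether
 * getgroups() includes the EGID, so the EGID is recorded separately. */
bool snapshot_self(struct peer_creds *c)
{
    int n = getgroups(MAX_GROUPS, c->groups);
    if (n < 0)
        return false;         /* more than MAX_GROUPS groups, or error */
    c->ngroups = (size_t)n;
    c->rgid = getgid();
    c->egid = getegid();
    return true;
}
```
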