Commit 6db561dc authored by John Palmieri

CVE-2008-0595 dbus security policy circumvention

* CVE-2008-0595 - security policy of the type <allow send_interface=
  "some.interface.WithMethods"/> works as an implicit allow for
  messages sent without an interface bypassing the default deny rules
  and potentially allowing restricted methods exported on the bus to be
  executed by unauthorized users.  This patch fixes the issue.
* bus/policy.c (bus_client_policy_check_can_send,
  bus_client_policy_check_can_receive): skip messages without an
  interface when evaluating an allow rule, and thus pass it to the
  default deny rules
parent 381c8548
2008-02-26 John (J5) Palmieri <johnp@redhat.com>
* CVE-2008-0595 - security policy of the type <allow send_interface=
"some.interface.WithMethods"/> work as an implicit allow for
messages sent without an interface bypassing the default deny rules
and potentially allowing restricted methods exported on the bus to be
executed by unauthorized users. This patch fixes the issue.
* bus/policy.c (bus_client_policy_check_can_send,
bus_client_policy_check_can_receive): skip messages without an
interface when evaluating an allow rule, and thus pass it to the
default deny rules
2008-02-26 John (J5) Palmieri <johnp@redhat.com>
* correctly unref connections without guids during shutdown
......
......@@ -942,9 +942,19 @@ bus_client_policy_check_can_send (BusClientPolicy *policy,
if (rule->d.send.interface != NULL)
{
if (dbus_message_get_interface (message) != NULL &&
strcmp (dbus_message_get_interface (message),
rule->d.send.interface) != 0)
/* The interface is optional in messages. For allow rules, if the message
* has no interface we want to skip the rule (and thus not allow);
* for deny rules, if the message has no interface we want to use the
* rule (and thus deny).
*/
dbus_bool_t no_interface;
no_interface = dbus_message_get_interface (message) == NULL;
if ((no_interface && rule->allow) ||
(!no_interface &&
strcmp (dbus_message_get_interface (message),
rule->d.send.interface) != 0))
{
_dbus_verbose (" (policy) skipping rule for different interface\n");
continue;
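Review bot: The `_dbus_verbose` text "skipping rule for different interface" is now also emitted when an allow rule is skipped because the message has no interface at all (the `no_interface && rule->allow` branch), so the policy trace will misreport why the rule did not apply. Split the condition so the no-interface case logs its own message, for example "skipping allow rule for message with no interface". Separately, `dbus_message_get_interface (message)` is called once for the NULL test and again inside `strcmp`; fetching it into a local `const char *` once would make it clear that both checks look at the same value.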
......@@ -1128,9 +1138,19 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy,
if (rule->d.receive.interface != NULL)
{
if (dbus_message_get_interface (message) != NULL &&
strcmp (dbus_message_get_interface (message),
rule->d.receive.interface) != 0)
/* The interface is optional in messages. For allow rules, if the message
* has no interface we want to skip the rule (and thus not allow);
* for deny rules, if the message has no interface we want to use the
* rule (and thus deny).
*/
dbus_bool_t no_interface;
no_interface = dbus_message_get_interface (message) == NULL;
if ((no_interface && rule->allow) ||
(!no_interface &&
strcmp (dbus_message_get_interface (message),
rule->d.receive.interface) != 0))
{
_dbus_verbose (" (policy) skipping rule for different interface\n");
continue;
......
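Review bot: The interface check in bus_client_policy_check_can_receive duplicates, line for line, the block added to bus_client_policy_check_can_send; only `rule->d.receive.interface` versus `rule->d.send.interface` differs. Two copies of a security-relevant decision can drift apart, so consider a small static helper that takes the message, the rule's interface string and `rule->allow`, returns whether the rule should be skipped, and is called from both functions. The visible hunks also add no regression test: a case with an allow rule naming an interface and a message with no interface, expecting the default deny to apply, would pin this behaviour for both send and receive.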