Commit eec885de authored by Simon McVittie

Hardening: only accept Stats function calls at the canonical object path

These function calls are not a privilege escalation risk like
UpdateActivationEnvironment, but they might provide sensitive
information or be enhanced to provide sensitive information
in future, so the default system.conf locks them down to root-only.
Apply the same canonical-object-path hardening as for
UpdateActivationEnvironment.

We do not apply the uid check here because they are less dangerous
than UpdateActivationEnvironment, and because the ability to unlock
these function calls for specific uids is a documented configuration
for developers.
Reviewed-by: Thiago Macieira <thiago@kde.org>
[added missing #include; extended commit message -smcv]
parent 4daf4bdc
......@@ -29,6 +29,7 @@
#include <dbus/dbus-connection-internal.h>
#include "connection.h"
#include "driver.h"
#include "services.h"
#include "utils.h"
......@@ -49,6 +50,9 @@ bus_stats_handle_get_stats (DBusConnection *connection,
_DBUS_ASSERT_ERROR_IS_CLEAR (error);
if (!bus_driver_check_message_is_for_us (message, error))
return FALSE;
context = bus_transaction_get_context (transaction);
connections = bus_context_get_connections (context);
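Review bot: The new bus_driver_check_message_is_for_us () call at the top of bus_stats_handle_get_stats carries no comment, so the reason for it (the canonical-object-path hardening described in the commit message) is only discoverable through git history. A one-line comment above the check, noting that Stats calls are only accepted at the canonical object path and that the uid check is deliberately not applied here, would stop a later cleanup from removing it or from "completing" it with a uid check that breaks the documented developer configuration.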
......@@ -131,6 +135,9 @@ bus_stats_handle_get_connection_stats (DBusConnection *caller_connection,
_DBUS_ASSERT_ERROR_IS_CLEAR (error);
if (!bus_driver_check_message_is_for_us (message, error))
return FALSE;
registry = bus_connection_get_registry (caller_connection);
if (! dbus_message_get_args (message, error,
......
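Review bot: The check added to bus_stats_handle_get_connection_stats is a verbatim copy of the one added to bus_stats_handle_get_stats, so any Stats handler added later has to remember to repeat it. Consider performing the check once, at the point where Stats method calls are routed to their handlers, instead of in each handler body. If it stays per-handler, a regression test that calls each Stats method on a non-canonical object path and expects an error reply would catch a handler that omits it. Placing the check before dbus_message_get_args is the right order, since the message is rejected before any of its arguments are parsed.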