picnoir/Systemd
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

sd-bus: always catch name requests for the special names "org.freedesktop.DBus" and "org.freedesktop.DBus.Local" and refuse them

Browse source
This commit is contained in:
Lennart Poettering 2015-01-07 19:29:14 +01:00
parent b80c66ba98
commit 210a68826f
2 changed files with 14 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/bus-proxyd/bus-proxyd.c
View file

@ -829,10 +829,6 @@ static int process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m, Policy *polic
if (r < 0)
return synthetic_reply_method_errno(m, r, NULL);
if (streq(name, "org.freedesktop.DBus"))
return synthetic_reply_method_error(m, &SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_INVALID_ARGS,
"Connection is not allowed to own the org.freedesktop.DBus service."));
if (policy && !policy_check_own(policy, ucred->uid, ucred->gid, name))
return synthetic_reply_method_errno(m, -EPERM, NULL);

14
src/libsystemd/sd-bus/bus-control.c
View file

@ -137,6 +137,10 @@ _public_ int sd_bus_request_name(sd_bus *bus, const char *name, uint64_t flags)
assert_return(service_name_is_valid(name), -EINVAL);
assert_return(name[0] != ':', -EINVAL);
/* Don't allow requesting the special driver and local names */
if (STR_IN_SET(name, "org.freedesktop.DBus", "org.freedesktop.DBus.Local"))
return -EINVAL;
if (!BUS_IS_OPEN(bus->state))
return -ENOTCONN;
@ -215,6 +219,10 @@ _public_ int sd_bus_release_name(sd_bus *bus, const char *name) {
assert_return(service_name_is_valid(name), -EINVAL);
assert_return(name[0] != ':', -EINVAL);
/* Don't allow requesting the special driver and local names */
if (STR_IN_SET(name, "org.freedesktop.DBus", "org.freedesktop.DBus.Local"))
return -EINVAL;
if (!BUS_IS_OPEN(bus->state))
return -ENOTCONN;
@ -614,6 +622,9 @@ int bus_get_name_creds_kdbus(
uint64_t id;
int r;
if (streq(name, "org.freedesktop.DBus"))
return -ENOTSUP;
r = bus_kernel_parse_unique_name(name, &id);
if (r < 0)
return r;
@ -871,6 +882,9 @@ _public_ int sd_bus_get_name_creds(
assert_return(service_name_is_valid(name), -EINVAL);
assert_return(bus->bus_client, -ENODATA);
if (streq(name, "org.freedesktop.DBus.Local"))
return -EINVAL;
if (!BUS_IS_OPEN(bus->state))
return -ENOTCONN;