manager: taint the manager if the overflowuid/overflowgid aren't set to 65534
parent
cefb3eda60
commit
90d7464d83
|
@ -3853,7 +3853,7 @@ int manager_dispatch_user_lookup_fd(sd_event_source *source, int fd, uint32_t re
|
|||
}
|
||||
|
||||
char *manager_taint_string(Manager *m) {
|
||||
_cleanup_free_ char *destination = NULL;
|
||||
_cleanup_free_ char *destination = NULL, *overflowuid = NULL, *overflowgid = NULL;
|
||||
char *buf, *e;
|
||||
int r;
|
||||
|
||||
|
@ -3864,7 +3864,9 @@ char *manager_taint_string(Manager *m) {
|
|||
"local-hwclock:"
|
||||
"var-run-bad:"
|
||||
"weird-nobody-user:"
|
||||
"weird-nobody-group:"));
|
||||
"weird-nobody-group:"
|
||||
"overflowuid-not-65534:"
|
||||
"overflowgid-not-65534:"));
|
||||
if (!buf)
|
||||
return NULL;
|
||||
|
||||
|
@ -3889,6 +3891,14 @@ char *manager_taint_string(Manager *m) {
|
|||
if (!streq(NOBODY_GROUP_NAME, "nobody"))
|
||||
e = stpcpy(e, "weird-nobody-group:");
|
||||
|
||||
r = read_one_line_file("/proc/sys/kernel/overflowuid", &overflowuid);
|
||||
if (r >= 0 && !streq(overflowuid, "65534"))
|
||||
e = stpcpy(e, "overflowuid-not-65534:");
|
||||
|
||||
r = read_one_line_file("/proc/sys/kernel/overflowgid", &overflowgid);
|
||||
if (r >= 0 && !streq(overflowgid, "65534"))
|
||||
e = stpcpy(e, "overflowgid-not-65534:");
|
||||
|
||||
/* remove the last ':' */
|
||||
if (e != buf)
|
||||
e[-1] = 0;
|
||||
|
|
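Review bot: In the last hunk a failed `read_one_line_file()` is handled the same way as a correct value: when `r < 0` (for example if /proc cannot be read at that point) neither `overflowuid-not-65534` nor `overflowgid-not-65534` is appended and nothing is logged, so a missing flag does not tell the reader of the taint string whether the check actually ran. A debug message on that path keeps the check best-effort but visible, e.g. `if (r < 0) log_debug_errno(r, "Failed to read /proc/sys/kernel/overflowuid, ignoring: %m");`, and the same for overflowgid. The second hunk extends what appears to be the string literal that sizes `buf`, and every `stpcpy()` further down relies on its flag being listed there; a comment such as `/* every flag appended below must also appear in this list, it determines the size of buf */` would guard later additions against writing past the allocation. The body of manager_taint_string() continues outside the hunks shown, so the allocation call itself is not visible here.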