manager: taint the manager if the overflowuid/overflowgid aren't set to 65534

Lennart Poettering 2017-12-07 11:35:02 +01:00
parent cefb3eda60
commit 90d7464d83
1 changed files with 12 additions and 2 deletions


@ -3853,7 +3853,7 @@ int manager_dispatch_user_lookup_fd(sd_event_source *source, int fd, uint32_t re
}
char *manager_taint_string(Manager *m) {
_cleanup_free_ char *destination = NULL;
_cleanup_free_ char *destination = NULL, *overflowuid = NULL, *overflowgid = NULL;
char *buf, *e;
int r;
@ -3864,7 +3864,9 @@ char *manager_taint_string(Manager *m) {
"local-hwclock:"
"var-run-bad:"
"weird-nobody-user:"
"weird-nobody-group:"));
"weird-nobody-group:"
"overflowuid-not-65534:"
"overflowgid-not-65534:"));
if (!buf)
return NULL;
@ -3889,6 +3891,14 @@ char *manager_taint_string(Manager *m) {
if (!streq(NOBODY_GROUP_NAME, "nobody"))
e = stpcpy(e, "weird-nobody-group:");
r = read_one_line_file("/proc/sys/kernel/overflowuid", &overflowuid);
if (r >= 0 && !streq(overflowuid, "65534"))
e = stpcpy(e, "overflowuid-not-65534:");
r = read_one_line_file("/proc/sys/kernel/overflowgid", &overflowgid);
if (r >= 0 && !streq(overflowgid, "65534"))
e = stpcpy(e, "overflowgid-not-65534:");
/* remove the last ':' */
if (e != buf)
e[-1] = 0;
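Review bot: A failed read of `/proc/sys/kernel/overflowuid` or `/proc/sys/kernel/overflowgid` is silently treated the same as a value of 65534, because both new checks only act when `r >= 0`. The taint string then cannot distinguish "checked and fine" from "could not check". Since `r` is already captured, I would log the failure before the comparison, e.g. `if (r < 0) log_debug_errno(r, "Failed to read /proc/sys/kernel/overflowuid, ignoring: %m");`, and likewise for the gid. Each new `stpcpy()` is unbounded and appears to be safe only because the same flag string is also in the literal list of the second hunk, which presumably sizes `buf`. A one-line comment at the copies, such as `/* every flag copied here must also be listed in the allocation above */`, would protect the next addition. `manager_taint_string()` starts and ends outside these hunks, so the allocation call and the return path are not fully visible here.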