mirror of
https://github.com/systemd/systemd-stable.git
synced 2024-10-30 06:25:25 +03:00
sd-bus: always catch name requests for the special names "org.freedesktop.DBus" and "org.freedesktop.DBus.Local" and refuse them
This commit is contained in:
parent
b80c66ba98
commit
210a68826f
@ -829,10 +829,6 @@ static int process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m, Policy *polic
|
||||
if (r < 0)
|
||||
return synthetic_reply_method_errno(m, r, NULL);
|
||||
|
||||
if (streq(name, "org.freedesktop.DBus"))
|
||||
return synthetic_reply_method_error(m, &SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_INVALID_ARGS,
|
||||
"Connection is not allowed to own the org.freedesktop.DBus service."));
|
||||
|
||||
if (policy && !policy_check_own(policy, ucred->uid, ucred->gid, name))
|
||||
return synthetic_reply_method_errno(m, -EPERM, NULL);
|
||||
|
||||
|
@ -137,6 +137,10 @@ _public_ int sd_bus_request_name(sd_bus *bus, const char *name, uint64_t flags)
|
||||
assert_return(service_name_is_valid(name), -EINVAL);
|
||||
assert_return(name[0] != ':', -EINVAL);
|
||||
|
||||
/* Don't allow requesting the special driver and local names */
|
||||
if (STR_IN_SET(name, "org.freedesktop.DBus", "org.freedesktop.DBus.Local"))
|
||||
return -EINVAL;
|
||||
|
||||
if (!BUS_IS_OPEN(bus->state))
|
||||
return -ENOTCONN;
|
||||
|
||||
@ -215,6 +219,10 @@ _public_ int sd_bus_release_name(sd_bus *bus, const char *name) {
|
||||
assert_return(service_name_is_valid(name), -EINVAL);
|
||||
assert_return(name[0] != ':', -EINVAL);
|
||||
|
||||
/* Don't allow requesting the special driver and local names */
|
||||
if (STR_IN_SET(name, "org.freedesktop.DBus", "org.freedesktop.DBus.Local"))
|
||||
return -EINVAL;
|
||||
|
||||
if (!BUS_IS_OPEN(bus->state))
|
||||
return -ENOTCONN;
|
||||
|
||||
@ -614,6 +622,9 @@ int bus_get_name_creds_kdbus(
|
||||
uint64_t id;
|
||||
int r;
|
||||
|
||||
if (streq(name, "org.freedesktop.DBus"))
|
||||
return -ENOTSUP;
|
||||
|
||||
r = bus_kernel_parse_unique_name(name, &id);
|
||||
if (r < 0)
|
||||
return r;
|
||||
@ -871,6 +882,9 @@ _public_ int sd_bus_get_name_creds(
|
||||
assert_return(service_name_is_valid(name), -EINVAL);
|
||||
assert_return(bus->bus_client, -ENODATA);
|
||||
|
||||
if (streq(name, "org.freedesktop.DBus.Local"))
|
||||
return -EINVAL;
|
||||
|
||||
if (!BUS_IS_OPEN(bus->state))
|
||||
return -ENOTCONN;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user