shaba/systemd-stable
1
1
Fork 0
mirror of https://github.com/systemd/systemd-stable.git synced 2025-01-05 09:17:44 +03:00
Code

sd-bus: derive uid from cgroup if possible

Browse Source 
Whenever we run in a user context, sd_bus_{default_user,open_user}() and
friends should always connect to the user-bus of the current context,
instead of deriving the uid from getuid(). This allows us running
programs via sudo/su, without the nasty side-effect of accidentally
connecting to the root user-bus.

This patch enforces the idea of making su/sudo *not* opening sessions by
default. That is, all they do is raising privileges, but keeping
everything set as before. You can still use su/sudo to open real sessions
by requesting a login-session (or loading pam_systemd otherwise).
However, in this case XDG_RUNTIME_DIR= will not be set (as usual in these
cases), hence, you will not be able to connect to *any* user-bus.

Long story short: With this patch applied, both:
        - ./busctl --user
        - sudo ./busctl --user
..will successfully connect to the user-bus of the local user.

Fixes #390.
This commit is contained in:
David Herrmann 2015-09-05 17:54:30 +02:00
parent 17258f5f27
commit 64ce4ad758
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/libsystemd/sd-bus/sd-bus.c
View File

@ -1241,6 +1241,8 @@ fail:
int bus_set_address_user(sd_bus *b) { int bus_set_address_user(sd_bus *b) {
const char *e; const char *e;
uid_t uid;
int r;
assert(b); assert(b);
@ -1248,6 +1250,10 @@ int bus_set_address_user(sd_bus *b) {
if (e) if (e)
return sd_bus_set_address(b, e); return sd_bus_set_address(b, e);
r = cg_pid_get_owner_uid(0, &uid);
if (r < 0)
uid = getuid();
e = secure_getenv("XDG_RUNTIME_DIR"); e = secure_getenv("XDG_RUNTIME_DIR");
if (e) { if (e) {
_cleanup_free_ char *ee = NULL; _cleanup_free_ char *ee = NULL;
@ -1256,9 +1262,9 @@ int bus_set_address_user(sd_bus *b) {
if (!ee) if (!ee)
return -ENOMEM; return -ENOMEM;
(void) asprintf(&b->address, KERNEL_USER_BUS_ADDRESS_FMT ";" UNIX_USER_BUS_ADDRESS_FMT, getuid(), ee); (void) asprintf(&b->address, KERNEL_USER_BUS_ADDRESS_FMT ";" UNIX_USER_BUS_ADDRESS_FMT, uid, ee);
} else } else
(void) asprintf(&b->address, KERNEL_USER_BUS_ADDRESS_FMT, getuid()); (void) asprintf(&b->address, KERNEL_USER_BUS_ADDRESS_FMT, uid);
if (!b->address) if (!b->address)
return -ENOMEM; return -ENOMEM;