From dc3333bcc992003607582e4a05ca8699ee9317aa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
Date: Fri, 22 Jul 2022 11:45:12 +0200
Subject: [PATCH] manager: limit access to private dbus socket For the system manager, /run/systemd/private is publicly accessible, because /run/systemd is 0755, and /run/systemd/private is 0777. For the user manager, /run/user/ is 0700, and /run/user//systemd/private is 0777. This does not directly cause any security issue because we check the sender in bus_check_peercred (ucred.uid != 0 && ucred.uid != geteuid()). But it makes sense to limit access to the socket to avoid wasting time in PID1. Somebody could send messages there that'd we'd reject anyway. It also makes things more explicit. (cherry picked from commit df1cbd1adf26071aab41d96e054452a3d66103a4)
---
 src/core/dbus.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/core/dbus.c b/src/core/dbus.c
index 073675ceef..ad2230d1b5 100644
--- a/src/core/dbus.c
+++ b/src/core/dbus.c
@@ -42,6 +42,7 @@
 #include "string-util.h"
 #include "strv.h"
 #include "strxcpyx.h"
+#include "umask-util.h"
 #include "user-util.h"
 #define CONNECTIONS_MAX 4096
@@ -950,7 +951,8 @@ int bus_init_private(Manager *m) {
 if (fd < 0)
 return log_error_errno(errno, "Failed to allocate private socket: %m");
- r = bind(fd, &sa.sa, sa_len);
+ RUN_WITH_UMASK(0077)
+ r = bind(fd, &sa.sa, sa_len);
 if (r < 0)
 return log_error_errno(errno, "Failed to bind private socket: %m");
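Review bot: The `RUN_WITH_UMASK(0077)` line added before `bind()` in `bus_init_private` has no comment, so a reader cannot tell that the socket mode is defense in depth and not the access check itself. I would add above it `/* Create the socket with mode 0700 so the file mode already keeps other unprivileged users out; bus_check_peercred() remains the authoritative check. */`. The macro scopes over a single unbraced statement, so writing `RUN_WITH_UMASK(0077) { r = bind(fd, &sa.sa, sa_len); }` would keep a later added line from silently falling outside the restricted umask. umask is process-wide, so this presumably relies on no other thread creating files during the call, which is worth confirming. The body of `bus_init_private` starts and ends outside the hunk.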