shaba/systemd-stable
1
1
Fork 0
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-23 17:34:00 +03:00
Code

manager: limit access to private dbus socket

Browse Source 
For the system manager, /run/systemd/private is publicly accessible, because
/run/systemd is 0755, and /run/systemd/private is 0777. For the user manager,
/run/user/<uid> is 0700, and /run/user/<uid>/systemd/private is 0777. This
does not directly cause any security issue because we check the sender in
bus_check_peercred (ucred.uid != 0 && ucred.uid != geteuid()).

But it makes sense to limit access to the socket to avoid wasting time in PID1.
Somebody could send messages there that'd we'd reject anyway. It also makes
things more explicit.

(cherry picked from commit df1cbd1adf)
This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2022-07-22 11:45:12 +02:00
parent fbf4050e2c
commit dc3333bcc9
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/core/dbus.c
View File

@ -42,6 +42,7 @@
#include "string-util.h" #include "string-util.h"
#include "strv.h" #include "strv.h"
#include "strxcpyx.h" #include "strxcpyx.h"
#include "umask-util.h"
#include "user-util.h" #include "user-util.h"
#define CONNECTIONS_MAX 4096 #define CONNECTIONS_MAX 4096
@ -950,6 +951,7 @@ int bus_init_private(Manager *m) {
if (fd < 0) if (fd < 0)
return log_error_errno(errno, "Failed to allocate private socket: %m"); return log_error_errno(errno, "Failed to allocate private socket: %m");
RUN_WITH_UMASK(0077)
r = bind(fd, &sa.sa, sa_len); r = bind(fd, &sa.sa, sa_len);
if (r < 0) if (r < 0)
return log_error_errno(errno, "Failed to bind private socket: %m"); return log_error_errno(errno, "Failed to bind private socket: %m");