<div dir="ltr">This patch is supposed to be sent to libmbim-devel@<div class="gmail_extra"><br><div class="gmail_quote">On Wed, Nov 5, 2014 at 10:15 AM, Prathmesh Prabhu Chromium <span dir="ltr"><<a href="mailto:pprabhu@chromium.org" target="_blank">pprabhu@chromium.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Augh! I want a gmail plugin that'll tell me when I try sending to the mm-devel list from the wrong email... :(</div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Nov 5, 2014 at 10:11 AM, Prathmesh Prabhu <span dir="ltr"><<a href="mailto:pprabhu@google.com" target="_blank">pprabhu@google.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">+aleksander, +dcbw<div><br></div><div>This is in response to <a href="http://lists.freedesktop.org/archives/libqmi-devel/2014-October/000956.html" target="_blank">http://lists.freedesktop.org/archives/libqmi-devel/2014-October/000956.html</a></div></div><div class="gmail_extra"><div><div class="h5"><div><div><br><div class="gmail_quote">On Wed, Nov 5, 2014 at 10:01 AM, Roshan Pius <span dir="ltr"><<a href="mailto:rpius@chromium.org" target="_blank">rpius@chromium.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Currently, the MBIM proxy process assumes that it is run as root UID and<br>
that all incoming client connection UIDs are also root.<br>
However, it's not always preferable to run the MBIM proxy as root for<br>
security reasons. On some platforms, the MBIM proxy could be constrained<br>
to run as a less-privileged user and specially granted the permission to<br>
access the MBIM device. So, adding a compile time flag in libmbim to check<br>
for the specified UID, rather than assume it to be the root UID. If the flag is<br>
not set, it'll revert to the existing behaviour of checking for UID=0 (i.e. root)<br>
<br>
---<br>
<a href="http://configure.ac" target="_blank">configure.ac</a> | 11 +++++++++++<br>
src/libmbim-glib/mbim-proxy.c | 11 ++++++-----<br>
2 files changed, 17 insertions(+), 5 deletions(-)<br>
<br>
diff --git a/<a href="http://configure.ac" target="_blank">configure.ac</a> b/<a href="http://configure.ac" target="_blank">configure.ac</a><br>
index 27f82c9..132a0d7 100644<br>
--- a/<a href="http://configure.ac" target="_blank">configure.ac</a><br>
+++ b/<a href="http://configure.ac" target="_blank">configure.ac</a><br>
@@ -96,6 +96,17 @@ AC_SUBST(GLIB_MKENUMS)<br>
dnl Documentation<br>
GTK_DOC_CHECK(1.0)<br>
<br>
+# MBIM proxy UID<br>
+AC_ARG_ENABLE(mbim-proxy-uid,<br>
+ AS_HELP_STRING([--enable-mbim-proxy-uid=UID], [where mbim proxy uid is]),<br>
+ mbim_proxy_uid=$enableval,<br>
+ mbim_proxy_uid="")<br>
+if ! test x"$mbim_proxy_uid" = x""; then<br>
+ AC_DEFINE_UNQUOTED(MBIM_PROXY_UID, $mbim_proxy_uid, [Define the MBIM Proxy UID])<br>
+else<br>
+ AC_DEFINE(MBIM_PROXY_UID, 0, [Define the MBIM Proxy UID])<br>
+fi<br>
+<br>
dnl Man page<br>
AC_PATH_PROG(HELP2MAN, help2man, false)<br>
AM_CONDITIONAL(BUILDOPT_MAN, test x$HELP2MAN != xfalse)<br>
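Review bot: the value given to --enable-mbim-proxy-uid is never validated before it reaches AC_DEFINE_UNQUOTED. With AC_ARG_ENABLE, a bare --enable-mbim-proxy-uid sets $enableval to "yes" and --disable-mbim-proxy-uid sets it to "no", so MBIM_PROXY_UID would be defined as yes or no rather than a number. Since the option carries a value rather than toggling a feature, AC_ARG_WITH fits better, and configure should stop with AC_MSG_ERROR unless the value is a non-negative integer. The help text "where mbim proxy uid is" should also say what the UID is used for: the only UID allowed to run the proxy and to connect to it.<br>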
diff --git a/src/libmbim-glib/mbim-proxy.c b/src/libmbim-glib/mbim-proxy.c<br>
index 7677cc6..0cdb05b 100644<br>
--- a/src/libmbim-glib/mbim-proxy.c<br>
+++ b/src/libmbim-glib/mbim-proxy.c<br>
@@ -31,6 +31,7 @@<br>
#include <glib/gstdio.h><br>
#include <gio/gunixsocketaddress.h><br>
<br>
+#include "config.h"<br>
#include "mbim-device.h"<br>
#include "mbim-utils.h"<br>
#include "mbim-proxy.h"<br>
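Review bot: "config.h" is included after the GLib/GIO system headers here; by convention it goes ahead of every other include so that any feature-test macros it defines take effect in the headers that follow. Move it above the system headers.<br>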
@@ -1060,8 +1061,8 @@ incoming_cb (GSocketService *service,<br>
return;<br>
}<br>
<br>
- if (uid != 0) {<br>
- g_warning ("Client not allowed: Not enough privileges");<br>
+ if (uid != MBIM_PROXY_UID) {<br>
+ g_warning ("Client not allowed: Not the expected UID: %u", MBIM_PROXY_UID);<br>
return;<br>
}<br>
<br>
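Review bot: in incoming_cb the same MBIM_PROXY_UID that gates who may run the proxy is now also the only client UID accepted, so with a non-zero value root clients are rejected and every client has to run as the proxy's own user. If that is intended, say so in the commit message and the configure help; otherwise keep uid 0 accepted or add a separate allowed-client setting. The warning should also log the rejected peer's uid, not only the expected one, so a refused connection can be traced.<br>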
@@ -1214,12 +1215,12 @@ mbim_proxy_new (GError **error)<br>
{<br>
MbimProxy *self;<br>
<br>
- /* Only root can run the mbim-proxy */<br>
- if (getuid () != 0) {<br>
+ /* Only the specified UID can run the mbim-proxy */<br>
+ if (getuid () != MBIM_PROXY_UID) {<br>
g_set_error (error,<br>
MBIM_CORE_ERROR,<br>
MBIM_CORE_ERROR_FAILED,<br>
- "Not enough privileges");<br>
+ "Not started with the expected UID: %u", MBIM_PROXY_UID);<br>
return NULL;<br>
}<br>
<span><font color="#888888"><br>
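Review bot: in mbim_proxy_new the expected UID is a number fixed at build time, which ties the binary to one system's UID assignment; where the service account is created at install time the number may not be known when configure runs. Consider taking a user name and resolving it at startup. The error should report the actual getuid () value alongside the expected one, and since MBIM_PROXY_UID expands to a plain integer literal, cast it so the argument matches %u.<br>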
--<br>
2.1.0.rc2.206.gedb03e5<br>
<br>
_______________________________________________<br>
ModemManager-devel mailing list<br>
<a href="mailto:ModemManager-devel@lists.freedesktop.org" target="_blank">ModemManager-devel@lists.freedesktop.org</a><br>
<a href="http://lists.freedesktop.org/mailman/listinfo/modemmanager-devel" target="_blank">http://lists.freedesktop.org/mailman/listinfo/modemmanager-devel</a><br>
</font></span></blockquote></div><br><br clear="all"><div><br></div></div></div></div></div><span class="HOEnZb"><font color="#888888"><span><font color="#888888">-- <br><div><div dir="ltr">Regards,<div>Prathmesh</div><div><br></div></div></div>
</font></span></font></span></div>
</blockquote></div><br></div>
<br></blockquote></div><br></div></div>