[systemd-devel] Work on adding polkit support to systemd1
Lennart Poettering
lennart at poettering.net
Fri Aug 15 09:56:36 PDT 2014
On Fri, 15.08.14 18:25, Stef Walter (stefw at redhat.com) wrote:
>
> On 13.08.2014 20:27, Lennart Poettering wrote:
> > On Wed, 06.08.14 13:23, Stef Walter (stefw at redhat.com) wrote:
> >
> >> I've done initial work on adding polkit support to systemd1 DBus
> >> methods. You can see it here:
>
> Thanks for the review. Worked on this a bit more.
>
> I might drop off the face of the earth for a couple weeks. In case I do,
> I thought I'd update my public branch. But if I'm around, I'll test and
> prepare a patch set early next week.
>
> >> https://github.com/stefwalter/systemd/commits/polkit-systemd1
Hmm, yuck. There's a security issue here... Reading the capabilities
from the sender on dbus1 is racy, since we have to read it from
/proc/$PID/stat and don't get it sent along with the message, like we do
on kdbus. A rogue client could send a message, quickly invoke some suid
binary, and we'd consider the client trusted.
Now for the low-level implementation of the vtable bit we are actually
smart, and check by UID on dbus1, and by cap on kdbus, in order to avoid
the vulnerability.
Hmm, now I wonder how to best handle this for cases like this, we
probably need some generic way how clients can make this decision in an
always safe way...
I need to think more about this...
Patch set looks great otherwise. I'll come up with something for the
security issue, then adapt your patch, and merge it.
Thanks,
Lennart
--
Lennart Poettering, Red Hat
More information about the systemd-devel
mailing list