[systemd-devel] [PATCH] bus-proxyd: don't allow to acquire org.freedesktop.DBus name

Mon Jan 5 07:07:23 PST 2015

On 01/05/2015 02:45 PM, Lukasz Skalski wrote:
> ---
>  src/bus-proxyd/bus-proxyd.c | 4 ++++
>  1 file changed, 4 insertions(+)

Applied, thanks!

> 
> diff --git a/src/bus-proxyd/bus-proxyd.c b/src/bus-proxyd/bus-proxyd.c
> index a7818f5..fc70cce 100644
> --- a/src/bus-proxyd/bus-proxyd.c
> +++ b/src/bus-proxyd/bus-proxyd.c
> @@ -829,6 +829,10 @@ static int process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m, Policy *polic
>                  if (r < 0)
>                          return synthetic_reply_method_errno(m, r, NULL);
>  
> +                if (streq(name, "org.freedesktop.DBus"))
> +                        return synthetic_reply_method_error(m, &SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_INVALID_ARGS,
> +                                                            "Connection is not allowed to own the org.freedesktop.DBus service."));
> +
>                  if (policy && !policy_check_own(policy, ucred->uid, ucred->gid, name))
>                          return synthetic_reply_method_errno(m, -EPERM, NULL);
>  
> 