[colord] [PATCH 2/2] Ensure colord-sane can create devices and profiles.
christopher.halse.rogers at canonical.com
christopher.halse.rogers at canonical.com
Tue Mar 27 23:09:05 PDT 2012
From: Christopher James Halse Rogers <christopher.halse.rogers at canonical.com>
When colord-sane is running as @daemon_user@ it cannot gain the authorisation
necessary for it to add or remove the devices and profiles it should.
Extend the existing uid 0 check to also authorise clients running as @daemon_user at .
---
I'm less sure about this one. colord will either be running as root (in which case
this check is already covered above) or will be running as a specified system-user,
in which case nothing non-colord-related should be running as that user, so it should
at least be safe.
This could also be accomplished by shipping a pkla file. This doesn't seem to be a
common solution used by anything I've got installed, though.
src/cd-common.c | 8 ++++++++
1 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/src/cd-common.c b/src/cd-common.c
index 19f0e41..5bff7f2 100644
--- a/src/cd-common.c
+++ b/src/cd-common.c
@@ -134,6 +134,14 @@ cd_main_sender_authenticated (GDBusMethodInvocation *invocation,
goto out;
}
+ /* a client running as the daemon user may also do all actions */
+ if (uid = getuid ()) {
+ g_debug ("CdCommon: not checking %s for %s as running as daemon user",
+ action_id, sender);
+ ret = TRUE;
+ goto out;
+ }
+
#ifdef USE_POLKIT
/* get authority */
authority = polkit_authority_get_sync (NULL, &error);
--
1.7.9.1
More information about the colord
mailing list