[PATCH] fill_user_info: fake user info for 'root' if it can not be found

Simon McVittie simon.mcvittie at collabora.co.uk
Wed Feb 27 08:27:17 PST 2013

On 26/02/13 22:15, Krzysztof Konopko wrote:
>     Rummaging in /proc for credentials is an interesting approach: if done
>     incorrectly it can be a time of check/time of use vulnerability, but I
>     think you've avoided that.
> I've been considering tidying it up and making generic enough to
> potentially replace some getpw*() calls altogether as the latter ones
> are just an "implementation detail".  In many cases all that D-Bus
> daemon cares about is the same what the kernel cares about: numbers
> (UIDs/GIDs).

getpw*() and getgrouplist() are the only portable interface for this:
/proc is Linux-specific.

If you wanted to extend the D-Bus policy language to support

    <policy user="#0">...</policy>
    <policy group="#42">...</policy>

which didn't bother with a getpwnam() or getpwuid() and just did simple
integer matching, that would be fine. (If you do: bug report, please.)

Similarly, I wouldn't object to a patchset which tried to obtain peer
processes' groups via /proc on Linux, falling back to mapping the uid to
a username then calling getgrouplist() for that username on other Unix
platforms - but this would need to be checked for regressions on at
least one non-/proc Unix platform, and I suspect the code structure may
make this harder than it looks at first glance. That would resolve
<https://bugs.freedesktop.org/show_bug.cgi?id=9328> if implemented.


More information about the dbus mailing list