about using privileged (KAuth) helpers: system dbus daemon on OS X?

René J.V. Bertin rjvbertin at gmail.com
Mon Sep 19 00:30:22 UTC 2016

On Sunday September 18 2016 16:57:48 Thiago Macieira wrote:

> I have no idea what other kind of helper there may be. There's only "dbus-
> daemon-launch-helper", which is setuid root, but setuids to the service's 
> user. The launched service only sees its own UID, never 0.

There's too much room for confusion here: dbus-daemon-launch-helper, the helper for DBus, and the process that implements the service, which is (or can act as) a helper for the actual operation that is to be done.

> > So we have a user application (say, ksysguard) that calls DBus routines to
> > launch a privileged helper process (ksysguardprocesslist_helper), a master
> That's not how it works. An application asks for a service, like org.bluez. If 
> there's a .service file that matches that, it specifies the executable name 
> along with the user ID to run under. Then dbus-daemon runs dbus-daemon-launch-
> helper and that will setuid, clean the environment, then exec the target 
> executable.

Not to contradict you, but that looks almost exactly like what I tried to describe in different words...

> No, that's the UID for dbus-daemon running as the system bus. The helper runs 
> as root, then setuid()s, as described above.

From what I've seen the helper binary must be owned by root and have the setuid bit set, so that when it launches it has uid=messagebus and euid=root.

> > If the privileged helper (slave) is supposed to connect to the system dbus
> > when launched via dbus-daemon-helper-tool, how/why does it do so on Linux?
> The helper does not connect to any bus. The executable that it launches is 
> expected to connect to the system bus, as described above.

Again, that's the helper I meant, not the dbus helper.

Is it roughly correct to say that on Linux an application will try to connect on the system bus if it doesn't find a session bus address?


