[systemd-bugs] [Bug 55062] pam_systemd injects libdbus into setuid programs

bugzilla-daemon at freedesktop.org
Thu Feb 7 12:21:43 PST 2013


https://bugs.freedesktop.org/show_bug.cgi?id=55062

--- Comment #1 from Simon McVittie <simon.mcvittie at collabora.co.uk> ---
(In reply to comment #0)
> In this case, that means that pam_systemd should filter out any DBUS_
> environment variables before initializing libdbus.

I don't think that makes sense. Environment variables are global state: a "mere
plugin" shouldn't be messing with global state.

I've asked the PAM maintainers[1] to clarify their policy on who is responsible
for avoiding "bad" environment variables, but not received any response so far.

One thing that pam_systemd (and other plugins in this situation) could usefully
do would be to hard-code the address to connect to: instead of using
dbus_bus_get_private(), it could use dbus_connection_open_private() and
dbus_bus_register(). That would avoid looking up DBUS_SYSTEM_BUS_ADDRESS, at
least. I think it would be reasonable to say that pam_systemd doesn't support
systems where the system bus isn't /var/run/dbus/system_bus_socket.

[1] https://www.redhat.com/archives/pam-list/2013-January/msg00005.html
