[systemd-devel] Work on adding polkit support to systemd1

Lennart Poettering lennart at poettering.net
Fri Aug 15 09:56:36 PDT 2014


On Fri, 15.08.14 18:25, Stef Walter (stefw at redhat.com) wrote:

> 
> On 13.08.2014 20:27, Lennart Poettering wrote:
> > On Wed, 06.08.14 13:23, Stef Walter (stefw at redhat.com) wrote:
> > 
> >> I've done initial work on adding polkit support to systemd1 DBus
> >> methods. You can see it here:
> 
> Thanks for the review. Worked on this a bit more.
> 
> I might drop off the face of the earth for a couple weeks. In case I do,
> I thought I'd update my public branch. But if I'm around, I'll test and
> prepare a patch set early next week.
> 
> >> https://github.com/stefwalter/systemd/commits/polkit-systemd1

Hmm, yuck. There's a security issue here... Reading the capabilities
from the sender on dbus1 is racy, since we have to read it from
/proc/$PID/stat and don't get it sent along with the message, like we do
on kdbus. A rogue client could send a message, quickly invoke some suid
binary, and we'd consider the client trusted.

Now for the low-level implementation of the vtable bit we are actually
smart, and check by UID on dbus1, and by cap on kdbus, in order to avoid
the vulnerability.

Hmm, now I wonder how to best handle this for cases like this, we
probably need some generic way how clients can make this decision in an
always safe way...

I need to think more about this...

Patch set looks great otherwise. I'll come up with something for the
security issue, then adapt your patch, and merge it.

Thanks,

Lennart

-- 
Lennart Poettering, Red Hat

