[systemd-devel] Work on adding polkit support to systemd1

Lennart Poettering lennart at poettering.net
Fri Aug 15 09:56:36 PDT 2014

On Fri, 15.08.14 18:25, Stef Walter (stefw at redhat.com) wrote:

> On 13.08.2014 20:27, Lennart Poettering wrote:
> > On Wed, 06.08.14 13:23, Stef Walter (stefw at redhat.com) wrote:
> > 
> >> I've done initial work on adding polkit support to systemd1 DBus
> >> methods. You can see it here:
> >> https://github.com/stefwalter/systemd/commits/polkit-systemd1
>
> Thanks for the review. Worked on this a bit more.
> I might drop off the face of the earth for a couple weeks. In case I do,
> I thought I'd update my public branch. But if I'm around, I'll test and
> prepare a patch set early next week.

Hmm, yuck. There's a security issue here... Reading the capabilities
from the sender on dbus1 is racy, since we have to read it from
/proc/$PID/stat and don't get it sent along with the message, like we do
on kdbus. A rogue client could send a message, quickly invoke some suid
binary, and we'd consider the client trusted.

Now for the low-level implementation of the vtable bit we are actually
smart, and check by UID on dbus1, and by cap on kdbus, in order to avoid
the vulnerability.

Hmm, now I wonder how to best handle this for cases like this, we
probably need some generic way how clients can make this decision in an
always safe way...

I need to think more about this...

Patch set looks great otherwise. I'll come up with something for the
security issue, then adapt your patch, and merge it.



Lennart Poettering, Red Hat

