[systemd-devel] [210] logind bypasses polkit? bug or new feature?

Mon Mar 10 02:48:42 PDT 2014

On Sun, Mar 09, 2014 at 08:00:22PM -0300, Gerardo Exequiel Pozzi wrote:
> Hello
> 
> To do tests I made a new Arch Linux (x86_64) base installation running
> in qemu/kvm with systemd-210-3 and polkit-0.112-1 to discard any weird
> thing on my system.
> 
> I can reboot/poweroff/suspend/hibernate the system with a normal user
> logged from a local VT or remote SSH does not care. I can not disable
> this even with a set of polkit rules.
> I am sure that this works fine before (maybe systemd-204 age?)
Yes! I did notice that, normally it should return 'challenge' ?!

I was working on a fix for hostnamed and then noticed logind. Currently
I'm not sure if it is the correct fix! some methodes are accessible...


> The weird thing here, is that If I ask to login1 about "Can*" methods it
> returns 'no'. Also system can be rebooted or poweroff if other users are
> logged on the system (i.e root on tty1).
I confirm this, I'm attaching a patch that will just disable this, but
I'm not sure about the inhibitor logic here did not have time to test
it.

-- 
Djalal Harouni
http://opendz.org
-------------- next part --------------
From: Djalal Harouni <tixxdz at opendz.org>
Subject: [PATCH] logind: remove the SD_BUS_VTABLE_UNPRIVILEGED flag from sensitive methods

This patch removes the SD_BUS_VTABLE_UNPRIVILEGED flag. The flag was
preventing check_access() from doing the capability check.
---
 src/login/logind-dbus.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
index c9c58f3..31a09df 100644
--- a/src/login/logind-dbus.c
+++ b/src/login/logind-dbus.c
@@ -1887,14 +1887,14 @@ const sd_bus_vtable manager_vtable[] = {
         SD_BUS_METHOD("TerminateSession", "s", NULL, method_terminate_session, SD_BUS_VTABLE_CAPABILITY(CAP_KILL)),
         SD_BUS_METHOD("TerminateUser", "u", NULL, method_terminate_user, SD_BUS_VTABLE_CAPABILITY(CAP_KILL)),
         SD_BUS_METHOD("TerminateSeat", "s", NULL, method_terminate_seat, SD_BUS_VTABLE_CAPABILITY(CAP_KILL)),
-        SD_BUS_METHOD("SetUserLinger", "ubb", NULL, method_set_user_linger, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("AttachDevice", "ssb", NULL, method_attach_device, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("FlushDevices", "b", NULL, method_flush_devices, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("PowerOff", "b", NULL, method_poweroff, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("Reboot", "b", NULL, method_reboot, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("Suspend", "b", NULL, method_suspend, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("Hibernate", "b", NULL, method_hibernate, SD_BUS_VTABLE_UNPRIVILEGED),
-        SD_BUS_METHOD("HybridSleep", "b", NULL, method_hybrid_sleep, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("SetUserLinger", "ubb", NULL, method_set_user_linger, 0),
+        SD_BUS_METHOD("AttachDevice", "ssb", NULL, method_attach_device, 0),
+        SD_BUS_METHOD("FlushDevices", "b", NULL, method_flush_devices, 0),
+        SD_BUS_METHOD("PowerOff", "b", NULL, method_poweroff, 0),
+        SD_BUS_METHOD("Reboot", "b", NULL, method_reboot, 0),
+        SD_BUS_METHOD("Suspend", "b", NULL, method_suspend, 0),
+        SD_BUS_METHOD("Hibernate", "b", NULL, method_hibernate, 0),
+        SD_BUS_METHOD("HybridSleep", "b", NULL, method_hybrid_sleep, 0),
         SD_BUS_METHOD("CanPowerOff", NULL, "s", method_can_poweroff, SD_BUS_VTABLE_UNPRIVILEGED),
         SD_BUS_METHOD("CanReboot", NULL, "s", method_can_reboot, SD_BUS_VTABLE_UNPRIVILEGED),
         SD_BUS_METHOD("CanSuspend", NULL, "s", method_can_suspend, SD_BUS_VTABLE_UNPRIVILEGED),
-- 
1.8.5.3

