summaryrefslogtreecommitdiff
path: root/src/libsystemd/sd-bus
diff options
context:
space:
mode:
authorDavid Herrmann <dh.herrmann@gmail.com>2015-01-18 13:55:55 +0100
committerDavid Herrmann <dh.herrmann@gmail.com>2015-01-18 13:55:55 +0100
commit05bae4a60c32e29797597979cee2f3684eb3bc1e (patch)
treec1cebeb8436dcb8edf59454af1c8176610d26212 /src/libsystemd/sd-bus
parente23f4bb525991c5908be0d0e7f8374c964d9996c (diff)
bus: use EUID over UID and fix unix-creds
Whenever a process performs an action on an object, the kernel uses the EUID of the process to do permission checks and to apply on any newly created objects. The UID of a process is only used if someone *ELSE* acts on the process. That is, the UID of a process defines who owns the process, the EUID defines what privileges are used by this process when performing an action. Process limits, on the other hand, are always applied to the real UID, not the effective UID. This is, because a process has a user object linked, which always corresponds to its UID. A process never has a user object linked for its EUID. Thus, accounting (and limits) is always done on the real UID. This commit fixes all sd-bus users to use the EUID when performing privilege checks and alike. Furthermore, it fixes unix-creds to be parsed as EUID, not UID (as the kernel always takes the EUID on UDS). Anyone using UID (eg., to do user-accounting) has to fall back to the EUID as UDS does not transmit the UID.
Diffstat (limited to 'src/libsystemd/sd-bus')
-rw-r--r--src/libsystemd/sd-bus/bus-control.c16
-rw-r--r--src/libsystemd/sd-bus/bus-message.c12
-rw-r--r--src/libsystemd/sd-bus/busctl.c4
3 files changed, 16 insertions, 16 deletions
diff --git a/src/libsystemd/sd-bus/bus-control.c b/src/libsystemd/sd-bus/bus-control.c
index b45014078d..35c79cf899 100644
--- a/src/libsystemd/sd-bus/bus-control.c
+++ b/src/libsystemd/sd-bus/bus-control.c
@@ -762,7 +762,7 @@ static int bus_get_name_creds_dbus1(
if ((mask & SD_BUS_CREDS_PID) ||
((mask & SD_BUS_CREDS_AUGMENT) &&
- (mask & (SD_BUS_CREDS_EUID|SD_BUS_CREDS_SUID|SD_BUS_CREDS_FSUID|
+ (mask & (SD_BUS_CREDS_UID|SD_BUS_CREDS_SUID|SD_BUS_CREDS_FSUID|
SD_BUS_CREDS_GID|SD_BUS_CREDS_EGID|SD_BUS_CREDS_SGID|SD_BUS_CREDS_FSGID|
SD_BUS_CREDS_COMM|SD_BUS_CREDS_EXE|SD_BUS_CREDS_CMDLINE|
SD_BUS_CREDS_CGROUP|SD_BUS_CREDS_UNIT|SD_BUS_CREDS_USER_UNIT|SD_BUS_CREDS_SLICE|SD_BUS_CREDS_SESSION|SD_BUS_CREDS_OWNER_UID|
@@ -798,7 +798,7 @@ static int bus_get_name_creds_dbus1(
reply = sd_bus_message_unref(reply);
}
- if (mask & SD_BUS_CREDS_UID) {
+ if (mask & SD_BUS_CREDS_EUID) {
uint32_t u;
r = sd_bus_call_method(
@@ -818,8 +818,8 @@ static int bus_get_name_creds_dbus1(
if (r < 0)
return r;
- c->uid = u;
- c->mask |= SD_BUS_CREDS_UID;
+ c->euid = u;
+ c->mask |= SD_BUS_CREDS_EUID;
reply = sd_bus_message_unref(reply);
}
@@ -961,13 +961,13 @@ static int bus_get_owner_creds_dbus1(sd_bus *bus, uint64_t mask, sd_bus_creds **
}
if (bus->ucred.uid != UID_INVALID) {
- c->uid = bus->ucred.uid;
- c->mask |= SD_BUS_CREDS_UID & mask;
+ c->euid = bus->ucred.uid;
+ c->mask |= SD_BUS_CREDS_EUID & mask;
}
if (bus->ucred.gid != GID_INVALID) {
- c->gid = bus->ucred.gid;
- c->mask |= SD_BUS_CREDS_GID & mask;
+ c->egid = bus->ucred.gid;
+ c->mask |= SD_BUS_CREDS_EGID & mask;
}
}
diff --git a/src/libsystemd/sd-bus/bus-message.c b/src/libsystemd/sd-bus/bus-message.c
index f352c72981..23076d25dd 100644
--- a/src/libsystemd/sd-bus/bus-message.c
+++ b/src/libsystemd/sd-bus/bus-message.c
@@ -424,19 +424,19 @@ int bus_message_from_header(
if (ucred) {
m->creds.pid = ucred->pid;
- m->creds.uid = ucred->uid;
- m->creds.gid = ucred->gid;
+ m->creds.euid = ucred->uid;
+ m->creds.egid = ucred->gid;
/* Due to namespace translations some data might be
* missing from this ucred record. */
if (m->creds.pid > 0)
m->creds.mask |= SD_BUS_CREDS_PID;
- if (m->creds.uid != UID_INVALID)
- m->creds.mask |= SD_BUS_CREDS_UID;
+ if (m->creds.euid != UID_INVALID)
+ m->creds.mask |= SD_BUS_CREDS_EUID;
- if (m->creds.gid != GID_INVALID)
- m->creds.mask |= SD_BUS_CREDS_GID;
+ if (m->creds.egid != GID_INVALID)
+ m->creds.mask |= SD_BUS_CREDS_EGID;
}
if (label) {
diff --git a/src/libsystemd/sd-bus/busctl.c b/src/libsystemd/sd-bus/busctl.c
index c0d51e06a3..f0bc2a76a5 100644
--- a/src/libsystemd/sd-bus/busctl.c
+++ b/src/libsystemd/sd-bus/busctl.c
@@ -160,7 +160,7 @@ static int list_bus_names(sd_bus *bus, char **argv) {
r = sd_bus_get_name_creds(
bus, *i,
(arg_augment_creds ? SD_BUS_CREDS_AUGMENT : 0) |
- SD_BUS_CREDS_UID|SD_BUS_CREDS_PID|SD_BUS_CREDS_COMM|
+ SD_BUS_CREDS_EUID|SD_BUS_CREDS_PID|SD_BUS_CREDS_COMM|
SD_BUS_CREDS_UNIQUE_NAME|SD_BUS_CREDS_UNIT|SD_BUS_CREDS_SESSION|
SD_BUS_CREDS_DESCRIPTION, &creds);
if (r >= 0) {
@@ -178,7 +178,7 @@ static int list_bus_names(sd_bus *bus, char **argv) {
} else
fputs(" - - ", stdout);
- r = sd_bus_creds_get_uid(creds, &uid);
+ r = sd_bus_creds_get_euid(creds, &uid);
if (r >= 0) {
_cleanup_free_ char *u = NULL;