diff options
| author | David Herrmann <dh.herrmann@gmail.com> | 2015-01-18 13:55:55 +0100 |
|---|---|---|
| committer | David Herrmann <dh.herrmann@gmail.com> | 2015-01-18 13:55:55 +0100 |
| commit | 05bae4a60c32e29797597979cee2f3684eb3bc1e (patch) | |
| tree | c1cebeb8436dcb8edf59454af1c8176610d26212 /src/login | |
| parent | e23f4bb525991c5908be0d0e7f8374c964d9996c (diff) | |
bus: use EUID over UID and fix unix-creds
Whenever a process performs an action on an object, the kernel uses the
EUID of the process to do permission checks and to apply on any newly
created objects. The UID of a process is only used if someone *ELSE* acts
on the process. That is, the UID of a process defines who owns the
process, the EUID defines what privileges are used by this process when
performing an action.
Process limits, on the other hand, are always applied to the real UID, not
the effective UID. This is, because a process has a user object linked,
which always corresponds to its UID. A process never has a user object
linked for its EUID. Thus, accounting (and limits) is always done on the
real UID.
This commit fixes all sd-bus users to use the EUID when performing
privilege checks and alike. Furthermore, it fixes unix-creds to be parsed
as EUID, not UID (as the kernel always takes the EUID on UDS). Anyone
using UID (eg., to do user-accounting) has to fall back to the EUID as UDS
does not transmit the UID.
Diffstat (limited to 'src/login')
| -rw-r--r-- | src/login/logind-dbus.c | 12 | ||||
| -rw-r--r-- | src/login/logind-session-dbus.c | 8 |
2 files changed, 10 insertions, 10 deletions
diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c index bc985a3754..f2f91d5ded 100644 --- a/src/login/logind-dbus.c +++ b/src/login/logind-dbus.c @@ -1606,11 +1606,11 @@ static int method_do_shutdown_or_sleep( return sd_bus_error_setf(error, BUS_ERROR_SLEEP_VERB_NOT_SUPPORTED, "Sleep verb not supported"); } - r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_UID, &creds); + r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_EUID, &creds); if (r < 0) return r; - r = sd_bus_creds_get_uid(creds, &uid); + r = sd_bus_creds_get_euid(creds, &uid); if (r < 0) return r; @@ -1759,11 +1759,11 @@ static int method_can_shutdown_or_sleep( return sd_bus_reply_method_return(message, "s", "na"); } - r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_UID, &creds); + r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_EUID, &creds); if (r < 0) return r; - r = sd_bus_creds_get_uid(creds, &uid); + r = sd_bus_creds_get_euid(creds, &uid); if (r < 0) return r; @@ -1938,11 +1938,11 @@ static int method_inhibit(sd_bus *bus, sd_bus_message *message, void *userdata, if (r == 0) return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */ - r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_UID|SD_BUS_CREDS_PID, &creds); + r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_EUID|SD_BUS_CREDS_PID, &creds); if (r < 0) return r; - r = sd_bus_creds_get_uid(creds, &uid); + r = sd_bus_creds_get_euid(creds, &uid); if (r < 0) return r; diff --git a/src/login/logind-session-dbus.c b/src/login/logind-session-dbus.c index e3486fe5fc..4e7edef52d 100644 --- a/src/login/logind-session-dbus.c +++ b/src/login/logind-session-dbus.c @@ -239,11 +239,11 @@ static int method_set_idle_hint(sd_bus *bus, sd_bus_message *message, void *user if (r < 0) return r; - r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_UID, &creds); + r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_EUID, &creds); if (r < 0) return r; - r = sd_bus_creds_get_uid(creds, &uid); + r = sd_bus_creds_get_euid(creds, &uid); if (r < 0) return r; @@ -302,11 +302,11 @@ static int method_take_control(sd_bus *bus, sd_bus_message *message, void *userd if (r < 0) return r; - r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_UID, &creds); + r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_EUID, &creds); if (r < 0) return r; - r = sd_bus_creds_get_uid(creds, &uid); + r = sd_bus_creds_get_euid(creds, &uid); if (r < 0) return r; |