diff options
author | David Herrmann <dh.herrmann@gmail.com> | 2015-07-04 12:14:45 +0200 |
---|---|---|
committer | David Herrmann <dh.herrmann@gmail.com> | 2015-07-04 12:23:39 +0200 |
commit | 0a069ce62de904ae9cbaf23d026ac380b02e50e4 (patch) | |
tree | 05477c4a95d55ec86d5e631f5d23db01a126b6a5 /src/tty-ask-password-agent | |
parent | 1d44f7584a713ab24e1ead541a8c85e176b99fd2 (diff) |
core: harden cgroups-agent forwarding
On dbus1, we receive systemd1.Agent signals via the private socket, hence
it's trusted. However, on kdbus we receive it on the system bus. We must
make sure it's sent by UID=0, otherwise unprivileged users can fake it.
Furthermore, never forward broadcasts we sent ourself. This might happen
on kdbus, as we forward the message on the same bus we received it on,
thus ending up in an endless loop.
Diffstat (limited to 'src/tty-ask-password-agent')
0 files changed, 0 insertions, 0 deletions