From 49d4b1eecfefded66fd48a992633958da30035d7 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 14 Nov 2014 18:47:54 +0100 Subject: bus-proxy: drop broken access check in driver The access check call was broken (as it tried to read a service name from the UpdateActivationEnvironment() method call which doesn't carry any). Also, it's unnecessary to make any access checks here, as we just forward the call to PID 1 which should do the access checks necessary. --- src/bus-proxyd/bus-proxyd.c | 26 -------------------------- 1 file changed, 26 deletions(-) (limited to 'src') diff --git a/src/bus-proxyd/bus-proxyd.c b/src/bus-proxyd/bus-proxyd.c index cbbafcf12e..7037301e4d 100644 --- a/src/bus-proxyd/bus-proxyd.c +++ b/src/bus-proxyd/bus-proxyd.c @@ -444,29 +444,6 @@ static int get_creds_by_message(sd_bus *bus, sd_bus_message *m, uint64_t mask, s return get_creds_by_name(bus, name, mask, _creds, error); } -static int peer_is_privileged(sd_bus *bus, sd_bus_message *m) { - _cleanup_bus_creds_unref_ sd_bus_creds *creds = NULL; - uid_t uid; - int r; - - r = get_creds_by_message(bus, m, SD_BUS_CREDS_UID, &creds, NULL); - if (r < 0) - return r; - - r = sd_bus_creds_get_uid(creds, &uid); - if (r < 0) - return r; - - r = sd_bus_creds_has_effective_cap(creds, CAP_SYS_ADMIN); - if (r > 0) - return true; - - if (uid == getuid()) - return true; - - return false; -} - static int process_policy(sd_bus *a, sd_bus *b, sd_bus_message *m, Policy *policy, const struct ucred *ucred) { int r; char **name; @@ -981,9 +958,6 @@ static int process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m, Policy *polic _cleanup_bus_message_unref_ sd_bus_message *msg = NULL; _cleanup_strv_free_ char **args = NULL; - if (!peer_is_privileged(a, m)) - return synthetic_reply_method_errno(m, -EPERM, NULL); - r = sd_bus_message_enter_container(m, SD_BUS_TYPE_ARRAY, "{ss}"); if (r < 0) return synthetic_reply_method_errno(m, r, NULL); -- cgit v1.2.3-54-g00ecf