]> git.ipfire.org Git - thirdparty/systemd.git/commit
projects / thirdparty / systemd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 775a31b) | patch
machine: do not allow unprivileged users to register other users' processes as machines
authorLuca Boccassi <luca.boccassi@gmail.com>
Fri, 12 Sep 2025 18:59:26 +0000 (19:59 +0100)
committerLuca Boccassi <luca.boccassi@gmail.com>
Tue, 16 Sep 2025 14:58:28 +0000 (15:58 +0100)
commit119d332d9c2cf1974b235c8d9e4e3ad821cf436a
treef5b235ccafac934c86cf5e7d99015455d5df8f77tree | snapshot
parent775a31bdfac785c588f34328f748bac10af61ffacommit | diff
machine: do not allow unprivileged users to register other users' processes as machines

Registering a process as a machine means a caller can get machined
to send sigterm to it, and more. If an unpriv user is registering,
ensure the registered process is actually owned by the user.

Follow-up for adaff8eb35d9c471af81fddaa4403bc5843a256f
src/machine/machine-varlink.c diff | blob | blame | history
src/machine/machined-dbus.c diff | blob | blame | history
test/units/TEST-13-NSPAWN.unpriv.sh diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.