From: Simon McVittie
Date: Fri, 19 Dec 2014 19:19:00 +0000 (+0000)
Subject: Hardening: only allow the uid of the dbus-daemon to call UpdateActivationEnvironment
X-Git-Tag: dbus-1.8.14~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a67cb9bf1c092e9ade210cb9d894664298687f8f;p=thirdparty%2Fdbus.git
Hardening: only allow the uid of the dbus-daemon to call UpdateActivationEnvironment
As with the previous commit, this is probably not actually privilege escalation due to the use of an activation helper that cleans up its environment, but let's be extra-careful here.
Reviewed-by: Thiago Macieira [adjusted commit message -smcv]
---
diff --git a/bus/driver.c b/bus/driver.c
index 0b9c3ed58..f5d3ebe21 100644
--- a/bus/driver.c
+++ b/bus/driver.c
@@ -881,6 +881,41 @@ bus_driver_handle_update_activation_environment (DBusConnection *connection,
 if (!bus_driver_check_message_is_for_us (message, error))
 return FALSE;
 
+#ifdef DBUS_UNIX
+ {
+ /* UpdateActivationEnvironment is basically a recipe for privilege
+ * escalation so let's be extra-careful: do not allow the sysadmin
+ * to shoot themselves in the foot. */
+ unsigned long uid;
+
+ if (!dbus_connection_get_unix_user (connection, &uid))
+ {
+ bus_context_log (bus_transaction_get_context (transaction),
+ DBUS_SYSTEM_LOG_SECURITY,
+ "rejected attempt to call UpdateActivationEnvironment by "
+ "unknown uid");
+ dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
+ "rejected attempt to call UpdateActivationEnvironment by "
+ "unknown uid");
+ return FALSE;
+ }
+
+ /* On the system bus, we could in principle allow uid 0 to call
+ * UpdateActivationEnvironment; but they should know better anyway,
+ * and our default system.conf has always forbidden it */
+ if (!_dbus_unix_user_is_process_owner (uid))
+ {
+ bus_context_log (bus_transaction_get_context (transaction),
+ DBUS_SYSTEM_LOG_SECURITY,
+ "rejected attempt to call UpdateActivationEnvironment by uid %lu",
+ uid);
+ dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
+ "rejected attempt to call UpdateActivationEnvironment");
+ return FALSE;
+ }
+ }
+#endif
+
 activation = bus_connection_get_activation (connection);
 
 dbus_message_iter_init (message, &iter);
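Review bot: The whole uid check sits inside `#ifdef DBUS_UNIX`, so on any other platform the method is presumably still gated only by bus policy, and neither the code comment nor the commit message says whether that gap is intended. A one-line note at the `#endif` would make it explicit, for example `/* non-Unix builds: no owner check here; access is left to bus policy */`. For triage, both DBUS_SYSTEM_LOG_SECURITY entries identify the caller by uid at most, and the unknown-uid branch records nothing about which connection was rejected; adding the connection's unique name, if one is available at this point, would make those entries easier to correlate. The enclosing function begins and ends outside the hunk.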