bus/containers: Don't allow stopping other users' containers
authorSimon McVittie <smcv@collabora.com>
Fri, 23 Jun 2017 14:20:04 +0000 (15:20 +0100)
committerSimon McVittie <smcv@collabora.com>
Tue, 12 Dec 2017 16:22:34 +0000 (16:22 +0000)
On the system bus, that would be a denial of service, assuming we
relax the access-control from METHOD_FLAG_PRIVILEGED to a new
METHOD_FLAG_NOT_CONTAINERS later.

Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101354

bus/containers.c

index 9e81eb08aa1a5ad8c2700d89819054f6d131e1ad..eb2b89c6d812561911c6d749338e781018e9e215 100644 (file)
@@ -798,6 +798,7 @@ bus_containers_handle_stop_instance (DBusConnection *connection,
   BusContainerInstance *instance = NULL;
   DBusList *iter;
   const char *path;
+  unsigned long uid;
 
   if (!dbus_message_get_args (message, error,
                               DBUS_TYPE_OBJECT_PATH, &path,
@@ -820,6 +821,21 @@ bus_containers_handle_stop_instance (DBusConnection *connection,
       goto failed;
     }
 
+  if (!dbus_connection_get_unix_user (connection, &uid))
+    {
+      dbus_set_error (error, DBUS_ERROR_FAILED,
+                      "Unable to determine user ID of caller");
+      goto failed;
+    }
+
+  if (uid != instance->uid)
+    {
+      dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
+                      "User %lu cannot stop a container server started by "
+                      "user %lu", uid, instance->uid);
+      goto failed;
+    }
+
   bus_container_instance_ref (instance);
   bus_container_instance_stop_listening (instance);
 
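Review bot: The ownership check added after the instance lookup is repeated line for line in bus_containers_handle_stop_listening (the last hunk), so a later change to the policy could land in one handler and miss the other. Consider moving it into one static helper that sets the error and returns FALSE, and calling it from both places, e.g. `if (!bus_containers_check_caller_owns (connection, instance, error)) goto failed;` (the helper name is only a suggestion). A short comment on the helper, such as `/* Fails closed: a caller whose uid cannot be determined is refused. */`, would record the intent. Both handlers begin and end outside their hunks, so the `failed` cleanup path is not visible here.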
@@ -850,6 +866,7 @@ bus_containers_handle_stop_listening (DBusConnection *connection,
   BusContainers *containers;
   BusContainerInstance *instance = NULL;
   const char *path;
+  unsigned long uid;
 
   if (!dbus_message_get_args (message, error,
                               DBUS_TYPE_OBJECT_PATH, &path,
@@ -872,6 +889,21 @@ bus_containers_handle_stop_listening (DBusConnection *connection,
       goto failed;
     }
 
+  if (!dbus_connection_get_unix_user (connection, &uid))
+    {
+      dbus_set_error (error, DBUS_ERROR_FAILED,
+                      "Unable to determine user ID of caller");
+      goto failed;
+    }
+
+  if (uid != instance->uid)
+    {
+      dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
+                      "User %lu cannot stop a container server started by "
+                      "user %lu", uid, instance->uid);
+      goto failed;
+    }
+
   bus_container_instance_ref (instance);
   bus_container_instance_stop_listening (instance);
   bus_container_instance_unref (instance);
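Review bot: The DBUS_ERROR_ACCESS_DENIED text sent to a caller who does not own the container includes `instance->uid`, so any caller that can reach this method learns which uid owns a given instance path; bus_containers_handle_stop_instance uses the same message. If that disclosure is not intended, return only the caller's uid, e.g. `"User %lu cannot stop this container server", uid`, and keep the owner's uid for the bus's own log. Because the check runs after the lookup, the reply presumably also differs from the not-found error above it, which would confirm that a path exists; that branch is outside the hunk, so verify it there. The `%lu` conversion also relies on `instance->uid` being `unsigned long`, and the field is declared outside this diff.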