From: Simon McVittie Date: Mon, 26 Jan 2015 20:06:48 +0000 (+0000) Subject: CVE-2015-0245: discard forged ActivationFailure messages X-Git-Tag: dbus-1.9.10~2^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=03c5e161752fe1ff4925955800ca9c78d09a6e0c;p=thirdparty%2Fdbus.git CVE-2015-0245: discard forged ActivationFailure messages Without this code change, non-systemd processes can make dbus-daemon think systemd failed to activate a system service, resulting in an error reply back to the requester. In practice we can address this in system.conf by only allowing root to forge these messages, but this check is the real solution, particularly on systems where root is not all-powerful. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88811 Reviewed-by: Alban Crequy Reviewed-by: David King Reviewed-by: Philip Withnall --- diff --git a/bus/driver.c b/bus/driver.c index 9551f3d40..f494170c6 100644 --- a/bus/driver.c +++ b/bus/driver.c @@ -2061,8 +2061,26 @@ bus_driver_handle_message (DBusConnection *connection, if (dbus_message_is_signal (message, "org.freedesktop.systemd1.Activator", "ActivationFailure")) { BusContext *context; + DBusConnection *systemd; context = bus_connection_get_context (connection); + systemd = bus_driver_get_owner_of_name (connection, + "org.freedesktop.systemd1"); + + if (systemd != connection) + { + const char *attacker; + + attacker = bus_connection_get_name (connection); + bus_context_log (context, DBUS_SYSTEM_LOG_SECURITY, + "Ignoring forged ActivationFailure message from " + "connection %s (%s)", + attacker ? attacker : "(unauthenticated)", + bus_connection_get_loginfo (connection)); + /* ignore it */ + return TRUE; + } + return dbus_activation_systemd_failure(bus_context_get_activation(context), message); }