authorSimon McVittie <smcv@collabora.com>2017-06-23 15:20:04 +0100
committerSimon McVittie <smcv@collabora.com>2017-12-11 16:03:21 +0000
commit6c0399cc78c1c6079aa0094ae641a0f4eaec1919 (patch)
tree550e9b3d51800a1c36d455b36f036a0e29106b35
parent5d659d6e06a198cba81cdcd8f9b0fc811c393cd1 (diff)
bus/containers: Don't allow stopping other users' containers
On the system bus, that would be a denial of service, assuming we relax the access-control from METHOD_FLAG_PRIVILEGED to a new METHOD_FLAG_NOT_CONTAINERS later. Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com> Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101354
-rw-r--r--bus/containers.c32
1 files changed, 32 insertions, 0 deletions
diff --git a/bus/containers.c b/bus/containers.c
index 9e81eb08..eb2b89c6 100644
--- a/bus/containers.c
+++ b/bus/containers.c
@@ -798,6 +798,7 @@ bus_containers_handle_stop_instance (DBusConnection *connection,
BusContainerInstance *instance = NULL;
DBusList *iter;
const char *path;
+ unsigned long uid;
if (!dbus_message_get_args (message, error,
DBUS_TYPE_OBJECT_PATH, &path,
@@ -820,6 +821,21 @@ bus_containers_handle_stop_instance (DBusConnection *connection,
goto failed;
}
+ if (!dbus_connection_get_unix_user (connection, &uid))
+ {
+ dbus_set_error (error, DBUS_ERROR_FAILED,
+ "Unable to determine user ID of caller");
+ goto failed;
+ }
+
+ if (uid != instance->uid)
+ {
+ dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
+ "User %lu cannot stop a container server started by "
+ "user %lu", uid, instance->uid);
+ goto failed;
+ }
+
bus_container_instance_ref (instance);
bus_container_instance_stop_listening (instance);
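Review bot: The ownership test `uid != instance->uid` is an exact match with no exemption, and nothing at the check says whether that is deliberate. Going by the commit message the method is still METHOD_FLAG_PRIVILEGED, so a privileged caller whose uid differs from the creator's is now refused too; if that is intended, a comment above the check would record it, e.g. `/* Only the uid that created this container server may stop it; there is intentionally no override for privileged callers. */`. The denial message also returns the creator's uid to the rejected caller, which deserves a second look if that value is not otherwise visible to other users of the bus. The same applies to the identical check added in bus_containers_handle_stop_listening; both function bodies continue outside their hunks.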
@@ -850,6 +866,7 @@ bus_containers_handle_stop_listening (DBusConnection *connection,
BusContainers *containers;
BusContainerInstance *instance = NULL;
const char *path;
+ unsigned long uid;
if (!dbus_message_get_args (message, error,
DBUS_TYPE_OBJECT_PATH, &path,
@@ -872,6 +889,21 @@ bus_containers_handle_stop_listening (DBusConnection *connection,
goto failed;
}
+ if (!dbus_connection_get_unix_user (connection, &uid))
+ {
+ dbus_set_error (error, DBUS_ERROR_FAILED,
+ "Unable to determine user ID of caller");
+ goto failed;
+ }
+
+ if (uid != instance->uid)
+ {
+ dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
+ "User %lu cannot stop a container server started by "
+ "user %lu", uid, instance->uid);
+ goto failed;
+ }
+
bus_container_instance_ref (instance);
bus_container_instance_stop_listening (instance);
bus_container_instance_unref (instance);
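Review bot: This block repeats, character for character, the caller-uid check added to bus_containers_handle_stop_instance earlier in the diff, so the two authorization checks can drift apart when one of them is edited later. A small static helper that takes the instance, the connection and the error and returns a dbus_bool_t would keep the rule in one place, and would let the `unsigned long uid;` locals added to both handlers go away. The helper name below is only a suggestion, and the handler body starts and ends outside this hunk.

```c
/* Suggested helper; the name is illustrative. */
static dbus_bool_t
bus_container_instance_check_owner (BusContainerInstance *instance,
                                    DBusConnection       *connection,
                                    DBusError            *error)
{
  unsigned long uid;

  if (!dbus_connection_get_unix_user (connection, &uid))
    {
      dbus_set_error (error, DBUS_ERROR_FAILED,
                      "Unable to determine user ID of caller");
      return FALSE;
    }

  /* Only the uid that created the container server may stop it. */
  if (uid != instance->uid)
    {
      dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
                      "User %lu cannot stop a container server started by "
                      "user %lu", uid, instance->uid);
      return FALSE;
    }

  return TRUE;
}

/* … unchanged: argument parsing and instance lookup in each handler … */
  if (!bus_container_instance_check_owner (instance, connection, error))
    goto failed;
```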