diff options
author | Simon McVittie <smcv@collabora.com> | 2017-06-23 15:20:04 +0100 |
---|---|---|
committer | Simon McVittie <smcv@collabora.com> | 2017-12-11 16:03:21 +0000 |
commit | 6c0399cc78c1c6079aa0094ae641a0f4eaec1919 (patch) | |
tree | 550e9b3d51800a1c36d455b36f036a0e29106b35 | |
parent | 5d659d6e06a198cba81cdcd8f9b0fc811c393cd1 (diff) |
bus/containers: Don't allow stopping other users' containers
On the system bus, that would be a denial of service, assuming we
relax the access-control from METHOD_FLAG_PRIVILEGED to a new
METHOD_FLAG_NOT_CONTAINERS later.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101354
-rw-r--r-- | bus/containers.c | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/bus/containers.c b/bus/containers.c index 9e81eb08..eb2b89c6 100644 --- a/bus/containers.c +++ b/bus/containers.c @@ -798,6 +798,7 @@ bus_containers_handle_stop_instance (DBusConnection *connection, BusContainerInstance *instance = NULL; DBusList *iter; const char *path; + unsigned long uid; if (!dbus_message_get_args (message, error, DBUS_TYPE_OBJECT_PATH, &path, @@ -820,6 +821,21 @@ bus_containers_handle_stop_instance (DBusConnection *connection, goto failed; } + if (!dbus_connection_get_unix_user (connection, &uid)) + { + dbus_set_error (error, DBUS_ERROR_FAILED, + "Unable to determine user ID of caller"); + goto failed; + } + + if (uid != instance->uid) + { + dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, + "User %lu cannot stop a container server started by " + "user %lu", uid, instance->uid); + goto failed; + } + bus_container_instance_ref (instance); bus_container_instance_stop_listening (instance); @@ -850,6 +866,7 @@ bus_containers_handle_stop_listening (DBusConnection *connection, BusContainers *containers; BusContainerInstance *instance = NULL; const char *path; + unsigned long uid; if (!dbus_message_get_args (message, error, DBUS_TYPE_OBJECT_PATH, &path, @@ -872,6 +889,21 @@ bus_containers_handle_stop_listening (DBusConnection *connection, goto failed; } + if (!dbus_connection_get_unix_user (connection, &uid)) + { + dbus_set_error (error, DBUS_ERROR_FAILED, + "Unable to determine user ID of caller"); + goto failed; + } + + if (uid != instance->uid) + { + dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, + "User %lu cannot stop a container server started by " + "user %lu", uid, instance->uid); + goto failed; + } + bus_container_instance_ref (instance); bus_container_instance_stop_listening (instance); bus_container_instance_unref (instance); |