[systemd-devel] [PATCH 11/12] policy: kdbus_policy_check_own_access() returns 0 on success not true
kdbus_policy_check_own_access() returns 0 if access is granted, otherwise a negative errno. So fix this by returning 0. We did not hit this since callers were checking negative values for errors. Signed-off-by: Djalal Harouni tix...@opendz.org --- policy.c | 13 +++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/policy.c b/policy.c index d75c2ef..58ab6a5 100644 --- a/policy.c +++ b/policy.c @@ -231,7 +231,7 @@ static int kdbus_policy_check_access(const struct kdbus_policy_db_entry *e, * @conn: The connection to check * @name: The name to check * - * Return: t0 if the connection is allowed to own the name, -EPERM otherwise + * Return: 0 if the connection is allowed to own the name, -EPERM otherwise */ int kdbus_policy_check_own_access(struct kdbus_policy_db *db, const struct kdbus_conn *conn, @@ -307,8 +307,17 @@ int kdbus_policy_check_talk_access(struct kdbus_policy_db *db, unsigned int hash = 0; int ret; + /* +* user-uid maps to a fsuid at the time of a KDBUS_CMD_HELLO +* cmd, if they equal allow the TALK access, otherwise we +* proceed and perform checks against current's cred. +* +* By using the user-uid check first we reduce the exposure to +* creds changes. Privileged processes should be careful about +* what to do with a file descriptor. +*/ if (uid_eq(conn_src-user-uid, conn_dst-user-uid)) - return true; + return 0; /* * If there was a positive match for these two connections before, -- 1.9.0 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] [PATCH 11/12] policy: kdbus_policy_check_own_access() returns 0 on success not true
On 06/20/2014 06:50 PM, Djalal Harouni wrote: kdbus_policy_check_own_access() returns 0 if access is granted, otherwise a negative errno. So fix this by returning 0. We did not hit this since callers were checking negative values for errors. Applied, thanks. Daniel Signed-off-by: Djalal Harouni tix...@opendz.org --- policy.c | 13 +++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/policy.c b/policy.c index d75c2ef..58ab6a5 100644 --- a/policy.c +++ b/policy.c @@ -231,7 +231,7 @@ static int kdbus_policy_check_access(const struct kdbus_policy_db_entry *e, * @conn:The connection to check * @name:The name to check * - * Return: t0 if the connection is allowed to own the name, -EPERM otherwise + * Return: 0 if the connection is allowed to own the name, -EPERM otherwise */ int kdbus_policy_check_own_access(struct kdbus_policy_db *db, const struct kdbus_conn *conn, @@ -307,8 +307,17 @@ int kdbus_policy_check_talk_access(struct kdbus_policy_db *db, unsigned int hash = 0; int ret; + /* + * user-uid maps to a fsuid at the time of a KDBUS_CMD_HELLO + * cmd, if they equal allow the TALK access, otherwise we + * proceed and perform checks against current's cred. + * + * By using the user-uid check first we reduce the exposure to + * creds changes. Privileged processes should be careful about + * what to do with a file descriptor. + */ if (uid_eq(conn_src-user-uid, conn_dst-user-uid)) - return true; + return 0; /* * If there was a positive match for these two connections before, ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
