Launchpad has imported 10 comments from the remote bug at http://bugs.freedesktop.org/show_bug.cgi?id=11876.
If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. ------------------------------------------------------------------------ On 2007-08-06T20:44:27+00:00 Scox wrote: The EXTERNAL authentication method doesn't work if the effective UID of the client is different from its real UID, which happens for instance on setuid applications. That's because the client sends its real UID while the server checks the effective UID. Here's a pseudo-callstack of the client: 1/ handle_client_response_mech() 2/ dbus_credentials_add_from_current_process() 3/ _dbus_credentials_add_unix_uid() 4/ _dbus_getuid() 5/ getuid() While the server gets the effective uid in _dbus_read_credentials_socket() (through SO_PEERCRED and other methods). I guess _dbus_credentials_add_unix_uid() should call _dbus_geteuid() (which doesn't exist yet), but i'm not sure about how much code depends on the current behaviour of that function. Reply at: https://bugs.launchpad.net/dbus/+bug/188768/comments/0 ------------------------------------------------------------------------ On 2007-08-06T20:45:59+00:00 Scox wrote: Created an attachment (id=11019) Testcase Reply at: https://bugs.launchpad.net/dbus/+bug/188768/comments/1 ------------------------------------------------------------------------ On 2007-08-06T21:15:02+00:00 Scox wrote: Created an attachment (id=11020) Patch against CVS HEAD Reply at: https://bugs.launchpad.net/dbus/+bug/188768/comments/2 ------------------------------------------------------------------------ On 2007-08-06T21:52:18+00:00 Scox wrote: Created an attachment (id=11021) Patch against CVS HEAD (fixed) The previous patch replaced _dbus_getuid() by _dbus_geteuid() in the wrong place. My bad. Reply at: https://bugs.launchpad.net/dbus/+bug/188768/comments/3 ------------------------------------------------------------------------ On 2007-08-07T09:07:12+00:00 Hp-pobox wrote: Thanks, when applying this it would be worth grepping for all other uses of _dbus_getuid() and see if they should be euid as well. Reply at: https://bugs.launchpad.net/dbus/+bug/188768/comments/4 ------------------------------------------------------------------------ On 2007-08-19T15:15:25+00:00 Scox wrote: After a quick look, I'd say that every getuid should be changed to geteuid, except the one in dbus-userdb.c. Also, my patch lacks of a _dbus_geteuid() in dbus-sysdeps-win.c (which should return DBUS_UID_UNSET). Reply at: https://bugs.launchpad.net/dbus/+bug/188768/comments/5 ------------------------------------------------------------------------ On 2007-10-03T14:43:09+00:00 Johnp-redhat wrote: Havoc, can I apply this and do the other _dbus_geteuid fixes? Andrea, I don't totally understand your last comment about dbus-sysdeps- win.c. Can you clarify? Is it an indepth fix or something easy? Reply at: https://bugs.launchpad.net/dbus/+bug/188768/comments/6 ------------------------------------------------------------------------ On 2007-10-03T15:27:58+00:00 Hp-pobox wrote: patch looks fine to me. John, the windows fix is to just cut-and-paste the dbus_geteuid() implementation into the windows file, but have it always return DBUS_UID_UNSET. You could do the windows fix or just leave it for the windows team. Reply at: https://bugs.launchpad.net/dbus/+bug/188768/comments/7 ------------------------------------------------------------------------ On 2008-01-11T02:38:42+00:00 Benjamin-close wrote: Bugzilla Upgrade Mass Bug Change NEEDSINFO state was removed in Bugzilla 3.x, reopening any bugs previously listed as NEEDSINFO. - benjsc fd.o Wrangler Reply at: https://bugs.launchpad.net/dbus/+bug/188768/comments/8 ------------------------------------------------------------------------ On 2008-01-14T12:11:26+00:00 Johnp-redhat wrote: committed, and other files fixed. Thanks Reply at: https://bugs.launchpad.net/dbus/+bug/188768/comments/9 ** Changed in: dbus Importance: Unknown => Medium -- DBUS suid problem https://bugs.launchpad.net/bugs/188768 You received this bug notification because you are a member of Registry Administrators, which is the registrant for D-Bus. _______________________________________________ Mailing list: https://launchpad.net/~registry Post to : [email protected] Unsubscribe : https://launchpad.net/~registry More help : https://help.launchpad.net/ListHelp
