On Fri, 15.08.14 18:25, Stef Walter (st...@redhat.com) wrote:

>
> On 13.08.2014 20:27, Lennart Poettering wrote:
> > On Wed, 06.08.14 13:23, Stef Walter (st...@redhat.com) wrote:
> >
> >> I've done initial work on adding polkit support to systemd1 DBus
> >> methods. You can see it here:
>
> Thanks for the review. Worked on this a bit more.
>
> I might drop off the face of the earth for a couple weeks. In case I do,
> I thought I'd update my public branch. But if I'm around, I'll test and
> prepare a patch set early next week.
>
> >> https://github.com/stefwalter/systemd/commits/polkit-systemd1

Hmm, yuck. There's a security issue here... Reading the capabilities from the sender on dbus1 is racy, since we have to read it from /proc/$PID/stat and don't get it sent along with the message, like we do on kdbus. A rogue client could send a message, quickly invoke some suid binary, and we'd consider the client trusted.

Now for the low-level implementation of the vtable bit we are actually smart, and check by UID on dbus1, and by cap on kdbus, in order to avoid the vulnerability.

Hmm, now I wonder how to best handle this for cases like this, we probably need some generic way how clients can make this decision in an always safe way... I need to think more about this...

Patch set looks great otherwise. I'll come up with something for the security issue, then adapt your patch, and merge it.

Thanks,

Lennart

--
Lennart Poettering, Red Hat