bus: only accept kdbus creds if they are valid

This allows userspace to fake kdbus creds via struct ucred in the proxy,
without making the recieving side choke on the missing fields of the
kdbus struct, more precisel pid_starttime and tid
This commit is contained in:
Lennart Poettering 2013-12-24 16:20:47 +01:00
parent eff0527098
commit 2dc9970bed
2 changed files with 30 additions and 7 deletions

View File

@ -407,17 +407,25 @@ static int bus_get_owner_kdbus(
switch (item->type) { switch (item->type) {
case KDBUS_ITEM_CREDS: case KDBUS_ITEM_CREDS:
m = (SD_BUS_CREDS_UID | SD_BUS_CREDS_GID | SD_BUS_CREDS_PID | m = (SD_BUS_CREDS_UID | SD_BUS_CREDS_GID | SD_BUS_CREDS_PID) & mask;
SD_BUS_CREDS_TID | SD_BUS_CREDS_PID_STARTTIME) & mask;
if (m) { if (m) {
c->uid = item->creds.uid; c->uid = item->creds.uid;
c->pid = item->creds.pid; c->pid = item->creds.pid;
c->gid = item->creds.gid; c->gid = item->creds.gid;
c->tid = item->creds.tid;
c->pid_starttime = item->creds.starttime;
c->mask |= m; c->mask |= m;
} }
if (mask & SD_BUS_CREDS_TID && item->creds.tid > 0) {
c->tid = item->creds.tid;
c->mask |= SD_BUS_CREDS_TID;
}
if (mask & SD_BUS_CREDS_PID_STARTTIME && item->creds.starttime > 0) {
c->pid_starttime = item->creds.starttime;
c->mask |= SD_BUS_CREDS_PID_STARTTIME;
}
break; break;
case KDBUS_ITEM_PID_COMM: case KDBUS_ITEM_PID_COMM:

View File

@ -793,12 +793,27 @@ static int bus_kernel_make_message(sd_bus *bus, struct kdbus_msg *k) {
} }
case KDBUS_ITEM_CREDS: case KDBUS_ITEM_CREDS:
m->creds.pid_starttime = d->creds.starttime / NSEC_PER_USEC; /* UID/GID/PID are always valid */
m->creds.uid = d->creds.uid; m->creds.uid = d->creds.uid;
m->creds.gid = d->creds.gid; m->creds.gid = d->creds.gid;
m->creds.pid = d->creds.pid; m->creds.pid = d->creds.pid;
m->creds.tid = d->creds.tid; m->creds.mask |= (SD_BUS_CREDS_UID|SD_BUS_CREDS_GID|SD_BUS_CREDS_PID) & bus->creds_mask;
m->creds.mask |= (SD_BUS_CREDS_UID|SD_BUS_CREDS_GID|SD_BUS_CREDS_PID|SD_BUS_CREDS_PID_STARTTIME|SD_BUS_CREDS_TID) & bus->creds_mask;
/* The PID starttime/TID might be missing
* however, when the data is faked by some
* data bus proxy and it lacks that
* information about the real client since
* SO_PEERCRED is used for that */
if (d->creds.starttime > 0) {
m->creds.pid_starttime = d->creds.starttime / NSEC_PER_USEC;
m->creds.mask |= SD_BUS_CREDS_PID_STARTTIME & bus->creds_mask;
}
if (d->creds.tid > 0) {
m->creds.tid = d->creds.tid;
m->creds.mask |= SD_BUS_CREDS_TID & bus->creds_mask;
}
break; break;
case KDBUS_ITEM_TIMESTAMP: case KDBUS_ITEM_TIMESTAMP: