bus/containers: Don't allow stopping other users' containers

On the system bus, that would be a denial of service, assuming we relax the access-control from METHOD_FLAG_PRIVILEGED to a new METHOD_FLAG_NOT_CONTAINERS later. Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com> Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101354
2026-05-05 06:28:00 +02:00 · 2017-06-23 15:20:04 +01:00 · 2017-06-23 15:20:04 +01:00 · 0dc09f29ee
commit 0dc09f29ee
parent 69d164cbd3
1 changed files with 32 additions and 0 deletions
--- a/bus/containers.c
+++ b/bus/containers.c
@ -798,6 +798,7 @@ bus_containers_handle_stop_instance (DBusConnection *connection,
  BusContainerInstance *instance = NULL;
  DBusList *iter;
  const char *path;
+  unsigned long uid;

  if (!dbus_message_get_args (message, error,
                              DBUS_TYPE_OBJECT_PATH, &path,
@ -820,6 +821,21 @@ bus_containers_handle_stop_instance (DBusConnection *connection,
      goto failed;
    }

+  if (!dbus_connection_get_unix_user (connection, &uid))
+    {
+      dbus_set_error (error, DBUS_ERROR_FAILED,
+                      "Unable to determine user ID of caller");
+      goto failed;
+    }
+
+  if (uid != instance->uid)
+    {
+      dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
+                      "User %lu cannot stop a container server started by "
+                      "user %lu", uid, instance->uid);
+      goto failed;
+    }
+
  bus_container_instance_ref (instance);
  bus_container_instance_stop_listening (instance);

@ -850,6 +866,7 @@ bus_containers_handle_stop_listening (DBusConnection *connection,
  BusContainers *containers;
  BusContainerInstance *instance = NULL;
  const char *path;
+  unsigned long uid;

  if (!dbus_message_get_args (message, error,
                              DBUS_TYPE_OBJECT_PATH, &path,
@ -872,6 +889,21 @@ bus_containers_handle_stop_listening (DBusConnection *connection,
      goto failed;
    }

+  if (!dbus_connection_get_unix_user (connection, &uid))
+    {
+      dbus_set_error (error, DBUS_ERROR_FAILED,
+                      "Unable to determine user ID of caller");
+      goto failed;
+    }
+
+  if (uid != instance->uid)
+    {
+      dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
+                      "User %lu cannot stop a container server started by "
+                      "user %lu", uid, instance->uid);
+      goto failed;
+    }
+
  bus_container_instance_ref (instance);
  bus_container_instance_stop_listening (instance);
  bus_container_instance_unref (instance);