bus_driver_handle_message: reject ActivationFailure if unprivileged

Specifically, this will allow ActivationFailure messages from our own uid or from root, but reject them otherwise, even if the bus configuration for who can own org.freedesktop.systemd1 is entirely wrong due to something like CVE-2014-8148. Signed-off-by: Simon McVittie <smcv@debian.org> Reviewed-by: Colin Walters <walters@verbum.org> Bug: https://bugs.freedesktop.org/show_bug.cgi?id=98157
2026-03-17 11:20:37 +01:00 · 2016-10-07 21:25:08 +01:00 · 2016-10-07 21:25:08 +01:00 · 28fc54e352
commit 28fc54e352
parent e473ab85d4
1 changed files with 9 additions and 0 deletions
--- a/bus/driver.c
+++ b/bus/driver.c
@ -2616,6 +2616,15 @@ bus_driver_handle_message (DBusConnection *connection,
      BusContext *context;
      DBusConnection *systemd;

+      /* This is a directed signal, not a method call, so the log message
+       * is a little weird (it talks about "calling" ActivationFailure),
+       * but it's close enough */
+      if (!bus_driver_check_caller_is_privileged (connection,
+                                                  transaction,
+                                                  message,
+                                                  error))
+        return FALSE;
+
      context = bus_connection_get_context (connection);
      systemd = bus_driver_get_owner_of_name (connection,
          "org.freedesktop.systemd1");