Merge branch 'dbus-1.8'

Conflicts:
	NEWS
	configure.ac
Simon McVittie 2014-11-24 13:05:09 +00:00
commit 2bc75daa2c
3 changed files with 27 additions and 1 deletions

18
NEWS

@ -3,6 +3,24 @@ D-Bus 1.9.4 (UNRELEASED)
Fixes: Fixes:
• Partially revert the CVE-2014-3639 patch by increasing the default
authentication timeout on the system bus from 5 seconds back to 30
seconds, since this has been reported to cause boot regressions for
some users, mostly with parallel boot (systemd) on slower hardware.
On fast systems where local users are considered particularly hostile,
administrators can return to the 5 second timeout (or any other value
in milliseconds) by saving this as /etc/dbus-1/system-local.conf:
<busconfig>
<limit name="auth_timeout">5000</limit>
</busconfig>
(fd.o #86431, Simon McVittie)
• Add a message in syslog/the Journal when the auth_timeout is exceeded
(fd.o #86431, Simon McVittie)
• Send back an AccessDenied error if the addressed recipient is not allowed • Send back an AccessDenied error if the addressed recipient is not allowed
to receive a message (and in builds with assertions enabled, don't to receive a message (and in builds with assertions enabled, don't
assert under the same conditions). (fd.o #86194, Jacek Bukarewicz) assert under the same conditions). (fd.o #86194, Jacek Bukarewicz)


@ -438,7 +438,7 @@ bus_config_parser_new (const DBusString *basedir,
* and legitimate auth will fail. If interactive auth (ask user for * and legitimate auth will fail. If interactive auth (ask user for
* password) is allowed, then potentially it has to be quite long. * password) is allowed, then potentially it has to be quite long.
*/ */
parser->limits.auth_timeout = 5000; /* 5 seconds */ parser->limits.auth_timeout = 30000; /* 30 seconds */
/* Do not allow a fd to stay forever in dbus-daemon /* Do not allow a fd to stay forever in dbus-daemon
* https://bugs.freedesktop.org/show_bug.cgi?id=80559 * https://bugs.freedesktop.org/show_bug.cgi?id=80559
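Review bot: The assignment `parser->limits.auth_timeout = 30000;` restores the longer window in which an unauthenticated connection can hold a slot, and nothing beside it records that this is a deliberate partial revert of the CVE-2014-3639 hardening. The comment above it only describes the general trade-off between short and long timeouts, so a later reader cannot tell why 30 seconds was chosen or how a site should tighten it. I would extend the trailing comment, for example `/* 30 seconds; was 5 s for CVE-2014-3639, raised again for slow boots (fd.o #86431); override via <limit name="auth_timeout"> */`. The comment block and the enclosing function both begin outside the hunk.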


@ -860,6 +860,14 @@ bus_connections_expire_incomplete (BusConnections *connections)
if (elapsed >= (double) auth_timeout) if (elapsed >= (double) auth_timeout)
{ {
/* Unfortunately, we can't identify the connection: it doesn't
* have a unique name yet, we don't know its uid/pid yet,
* and so on. */
bus_context_log (connections->context, DBUS_SYSTEM_LOG_INFO,
"Connection has not authenticated soon enough, closing it "
"(auth_timeout=%dms, elapsed: %.0fms)",
auth_timeout, elapsed);
_dbus_verbose ("Timing out authentication for connection %p\n", connection); _dbus_verbose ("Timing out authentication for connection %p\n", connection);
dbus_connection_close (connection); dbus_connection_close (connection);
} }
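Review bot: The new `bus_context_log` call inside the `elapsed >= (double) auth_timeout` branch writes one syslog/Journal line for every connection that times out, and no rate limit is visible in this hunk. Under the condition the timeout exists to handle, where a local user holds many unauthenticated connections open, each expiry becomes a log entry, so log volume follows the rate of abusive connections and can crowd out other messages. Consider counting expirations inside the loop and emitting a single summary line after the pass. Failing that, state the bound next to the call, e.g. `/* one line per expired connection; at most max_incomplete_connections per pass */`, if that limit is indeed the effective cap. The enclosing function and its loop start outside the hunk, so a limit applied elsewhere would not be visible here.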