fdo-mirrors/dbus
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/dbus/dbus.git synced 2026-02-23 15:30:30 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Make uid 0 immune to pending_fd_timeout limit

Browse source 
This is a workaround for
<https://bugs.freedesktop.org/show_bug.cgi?id=95263>. If a service
sends a file descriptor sufficiently frequently that its queue of
messages never goes down to 0 fds pending, then it will eventually be
disconnected. logind is one such service.

We do not currently have a good solution for this: the proposed
patches either don't work, or reintroduce a denial of service
security vulnerability (CVE-2014-3637). Neither seems desirable.
However, we can avoid the worst symptoms by trusting uid 0 not to be
malicious.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=95263
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1591411
Reviewed-by: Łukasz Zemczak
Tested-by: Ivan Kozik
Tested-by: Finn Herpich
Tested-by: autostatic
Tested-by: Ben Parafina
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
(cherry picked from commit d5fae1db78)
[smcv: omit the test/dbus-daemon.c part, which does not apply unless
a363822f5f is also applied]
This commit is contained in:
Simon McVittie 2016-11-11 16:40:44 +00:00
parent 8551c68d96
commit 3f407671ec
1 changed files with 14 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
bus/connection.c
View file

@ -672,10 +672,24 @@ pending_unix_fds_timeout_cb (void *data)
{
DBusConnection *connection = data;
BusConnectionData *d = BUS_CONNECTION_DATA (connection);
unsigned long uid;
int limit;
_dbus_assert (d != NULL);
limit = bus_context_get_pending_fd_timeout (d->connections->context);
if (dbus_connection_get_unix_user (connection, &uid) && uid == 0)
{
bus_context_log (d->connections->context, DBUS_SYSTEM_LOG_WARNING,
"Connection \"%s\" (%s) has had Unix fds pending for "
"too long (pending_fd_timeout=%dms); tolerating it, "
"because it has uid 0",
d->name != NULL ? d->name : "(null)",
bus_connection_get_loginfo (connection),
limit);
return TRUE;
}
bus_context_log (d->connections->context, DBUS_SYSTEM_LOG_WARNING,
"Connection \"%s\" (%s) has had Unix fds pending for too long, "
"closing it (pending_fd_timeout=%d ms)",