Hardening: only allow the uid of the dbus-daemon to call UpdateActivationEnvironment

As with the previous commit, this is probably not actually privilege escalation due to the use of an activation helper that cleans up its environment, but let's be extra-careful here. Reviewed-by: Thiago Macieira <thiago@kde.org> [adjusted commit message -smcv]
2026-02-13 02:20:34 +01:00 · 2014-12-19 19:19:00 +00:00 · 2014-12-19 19:19:00 +00:00 · a67cb9bf1c
commit a67cb9bf1c
parent 6a3f563a4b
1 changed files with 35 additions and 0 deletions
--- a/bus/driver.c
+++ b/bus/driver.c
@ -881,6 +881,41 @@ bus_driver_handle_update_activation_environment (DBusConnection *connection,
  if (!bus_driver_check_message_is_for_us (message, error))
    return FALSE;

+#ifdef DBUS_UNIX
+    {
+      /* UpdateActivationEnvironment is basically a recipe for privilege
+      * escalation so let's be extra-careful: do not allow the sysadmin
+      * to shoot themselves in the foot. */
+      unsigned long uid;
+
+      if (!dbus_connection_get_unix_user (connection, &uid))
+        {
+          bus_context_log (bus_transaction_get_context (transaction),
+              DBUS_SYSTEM_LOG_SECURITY,
+              "rejected attempt to call UpdateActivationEnvironment by "
+              "unknown uid");
+          dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
+              "rejected attempt to call UpdateActivationEnvironment by "
+              "unknown uid");
+          return FALSE;
+        }
+
+      /* On the system bus, we could in principle allow uid 0 to call
+       * UpdateActivationEnvironment; but they should know better anyway,
+       * and our default system.conf has always forbidden it */
+      if (!_dbus_unix_user_is_process_owner (uid))
+        {
+          bus_context_log (bus_transaction_get_context (transaction),
+              DBUS_SYSTEM_LOG_SECURITY,
+              "rejected attempt to call UpdateActivationEnvironment by uid %lu",
+              uid);
+          dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
+              "rejected attempt to call UpdateActivationEnvironment");
+          return FALSE;
+        }
+    }
+#endif
+
  activation = bus_connection_get_activation (connection);

  dbus_message_iter_init (message, &iter);