Hardening: only accept Stats function calls at the canonical object path

These function calls are not a privilege escalation risk like UpdateActivationEnvironment, but they might provide sensitive information or be enhanced to provide sensitive information in future, so the default system.conf locks them down to root-only. Apply the same canonical-object-path hardening as for UpdateActivationEnvironment. We do not apply the uid check here because they are less dangerous than UpdateActivationEnvironment, and because the ability to unlock these function calls for specific uids is a documented configuration for developers. Reviewed-by: Thiago Macieira <thiago@kde.org> [added missing #include; extended commit message -smcv]
2026-05-01 00:58:00 +02:00 · 2014-12-19 18:51:04 +00:00 · 2014-12-19 18:51:04 +00:00 · eec885de3b
commit eec885de3b
parent 4daf4bdc92
1 changed files with 7 additions and 0 deletions
--- a/bus/stats.c
+++ b/bus/stats.c
@ -29,6 +29,7 @@
 #include <dbus/dbus-connection-internal.h>

 #include "connection.h"
+#include "driver.h"
 #include "services.h"
 #include "utils.h"

@ -49,6 +50,9 @@ bus_stats_handle_get_stats (DBusConnection *connection,

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

+  if (!bus_driver_check_message_is_for_us (message, error))
+    return FALSE;
+
  context = bus_transaction_get_context (transaction);
  connections = bus_context_get_connections (context);

@ -131,6 +135,9 @@ bus_stats_handle_get_connection_stats (DBusConnection *caller_connection,

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

+  if (!bus_driver_check_message_is_for_us (message, error))
+    return FALSE;
+
  registry = bus_connection_get_registry (caller_connection);

  if (! dbus_message_get_args (message, error,