* CVE-2008-0595 - security policy of the type <allow send_interface=
"some.interface.WithMethods"/> work as an implicit allow for
messages sent without an interface bypassing the default deny rules
and potentially allowing restricted methods exported on the bus to be
executed by unauthorized users. This patch fixes the issue.
* bus/policy.c (bus_client_policy_check_can_send,
bus_client_policy_check_can_receive): skip messages without an
interface when evaluating an allow rule, and thus pass it to the
default deny rules
* dbus/dbus-connection.c (close_connection_on_shutdown): new method
split out from shared_connections_shutdown
(shared_connections_shutdown): shutdown all shared connections
without guids
(_dbus_connection_ref_unlocked): handle OOM when prepending no guid
connections to the shared_connections_no_guid list
* Patch by Kimmo Hämäläinen <kimmo dot hamalainen at nokia dot com>
2008-01-17 Timo Hoenig <thoenig@suse.de>
* fix inotify support
* bus/dir-watch-inotify.c (_handle_inotify_watch): fix reading of the
inotify events. Also, use ssize_t not size_t for 'ret'.
* bus/dir-watch-inotify.c (bus_watch_directory): watch not only for
IN_MODIFY but also for IN_CREATE and IN_DELETE
* bus/dir-watch-inotify.c (bus_drop_all_directory_watches): drop the
inotify watches more elegantly by closing inotify:_fd, set inotify_fd to
-1 after dropping the watches
2008-01-15 John (J5) Palmieri <johnp@redhat.com>
* patch by Sébastien Couret <10function at gmail dot com>
* dbus/dbus-marshal-recursive.c (all_reader_classes[]): wrap in
#ifndef DBUS_DISABLE_ASSERT since it is only used in asserts which
are noop
2008-01-15 John (J5) Palmieri <johnp@redhat.com>
* patch by Peter O'Gorman <pogma at thewrittenword dot com>
* dbus/dbus-spawn.c (babysit_signal_handler): check write return value
so we don't hang (FDO Bug #11665)
2008-01-15 John (J5) Palmieri <johnp@redhat.com>
* patch by Peter O'Gorman <pogma at thewrittenword dot com>
* dbus/dbus-sysdeps.h: support for AIX poll implementation (FDO Bug
#11666)
2008-01-15 John (J5) Palmieri <johnp@redhat.com>
* patch by Kimmo Hämäläinen <kimmo dot hamalainen at nokia dot com>
* dbus/dbus-connection.c (_dbus_connection_get_next_client_serial):
don't check for < 0 on an unsigned variable (FDO Bug #12924)
2008-01-15 John (J5) Palmieri <johnp@redhat.com>
* patch by Kimmo Hämäläinen <kimmo dot hamalainen at nokia dot com>
* dbus/dbus-spawn.c (_dbus_spawn_async_with_babysitter): the API
contract says sitter_p can be NULL, so let's check it (FDO Bug #12919)
2008-01-15 John (J5) Palmieri <johnp@redhat.com>
* patch by Kimmo Hämäläinen <kimmo dot hamalainen at nokia dot com>
* dbus/dbus-spawn.c (read_ints, read_pid): use correct ssize_t type
instead of size_t (FDO Bug #12862)
2008-01-15 John (J5) Palmieri <johnp@redhat.com>
* patch by Kimmo Hämäläinen <kimmo dot hamalainen at nokia dot com>
* dbus/dbus-errors.c (dbus_set_error): make sure to call va_end if we
hit an OOM error inside va_start (FDO Bug #12846)
2008-01-15 John (J5) Palmieri <johnp@redhat.com>
* patch by Kimmo Hämäläinen <kimmo dot hamalainen at nokia dot com>
* dbus/dbus-connection.c (dbus_connection_send_with_reply):
fix possible crash if pending_return is NULL (FDO Bug #12673)
2008-01-15 John (J5) Palmieri <johnp@redhat.com>
* portions of patch submitted by Tim Mooney
<enchanter at users dot sourceforge dot net>
* configure.in: never auto-select libxml (FDO Bug #12479)
2008-01-15 John (J5) Palmieri <johnp@redhat.com>
* bus/bus.c (bus_context_check_security_policy): rewrite selinux error
handling to not abort due to a NULL read and to set the error only if
it is not already set (Based off of FDO Bug #12430)
2008-01-15 John (J5) Palmieri <johnp@redhat.com>
* patch by Kimmo Hämäläinen <kimmo dot hamalainen at nokia dot com>
* dbus/dbus-spawn.c (babysit, babysitter_iteration): add error
handling when polling (FDO Bug #12954)
2008-01-15 John (J5) Palmieri <johnp@redhat.com>
* patch by Kimmo Hämäläinen <kimmo dot hamalainen at nokia dot com>
* bus/config-parser.c (locate_attributes): remove dead code which
always evaluated to TRUE
* dbus/dbus-shell.c (_dbus_shell_quote): remove unused code
2008-01-14 John (J5) Palmieri <johnp@redhat.com>
* patch by Kimmo Hämäläinen <kimmo dot hamalainen at nokia dot com>
* bus/connection.c (bus_connection_complete): plug a possible
BusClientPolicy leak (FDO Bug #13242)
2008-01-14 John (J5) Palmieri <johnp@redhat.com>
* patch by Frederic Crozat <fcrozat at mandriva dot com> (FDO Bz#
13268)
* add inotify support
* bus/Makefile.am: add inotify module to the build
* bus/dir-watch-inotify.c: inotify module based off the dnotify and
kqueue modules
* configure.in: add checks and switch for inotify
also add a printout at the end of configure if inotify and kqueue
support is being built in (dnotify already had this)
2008-01-14 John (J5) Palmieri <johnp@redhat.com>
* patch by Frederic Crozat <fcrozat at mandriva dot com>
* bus/dir-watch-dnotify.c (bus_watch_directory): watch for file
creates also
2008-01-14 John (J5) Palmieri <johnp@redhat.com>
* patch by Kimmo Hämäläinen <kimmo dot hamalainen at nokia dot com>
* dbus/dbus-transport-socket.c(do_reading): return message
loader buffer in case of OOM (FDO Bug#12666)
2008-01-14 John (J5) Palmieri <johnp@redhat.com>
* configure.in: add warning to output when libxml is selected since
we don't have a libxml maintainer and expat works perfectly fine
for what we need an xml parser for
2008-01-14 John (J5) Palmieri <johnp@redhat.com>
* Patch by Andrea Luzzardi <scox at sig11 dot org>: creates a
_dbus_geteuid function to fix EXTERNAL authentication in setuid
applications
* dbus/dbus-sysdeps-unix.c (_dbus_geteuid): used to get the effective
uid of the running program
(_dbus_credentials_add_from_current_process): use geteuid instead of
getuid
(_dbus_append_user_from_current_process): use geteuid instead of
getuid
* dbus/dbus-sysdeps-util-unix.c (_dbus_change_to_daemon_user): use
geteuid instead of getuid
(_dbus_unix_user_is_at_console): use geteuid instead of getuid
* dbus/dbus-sysdeps-win.c (_dbus_geteuid): add a windows equivilant
that returns DBUS_UID_UNSET
2007-11-23 Sjoerd Simons <sjoerd@luon.net>
* tools/dbus-launch.c: let both a normal dbus-launch and an
autolaunched bus save their parameters in X11 if possible. This makes
the autolaunch and non-autolaunch behaviour more similar. With the
exception that on a normal launch there will always be a new session
bus and not being able to save parameters is not fatal. This also
enables to launch programs directly with autolaunch (not very usefull
though).
2007-10-31 Havoc Pennington <hp@redhat.com>
* bus/selinux.c (log_audit_callback): rewrite to use
_dbus_string_copy_to_buffer_with_nul()
* dbus/dbus-string.c (_dbus_string_copy_to_buffer): change to NOT
nul-terminate the buffer; fail an assertion if there is not enough
space in the target buffer. This fixes two bugs where
copy_to_buffer was used to copy the binary bytes in a UUID, where
nul termination did not make sense. Bug reported by David Castelow.
(_dbus_string_copy_to_buffer_with_nul): new function that always
nul-terminates the buffer, and fails an assertion if there is not
enough space in the buffer.
2007-10-23 Havoc Pennington <hp@redhat.com>
* bus/bus.c (bus_context_new): use the new name here
* bus/selinux.c (bus_selinux_audit_init): rename from audit_init()
to avoid possible libc conflict, and declare it in .h file to
avoid a warning
2007-10-19 Havoc Pennington <hp@redhat.com>
* bus/bus.c (bus_context_new): put the audit_init() in here
instead, which I believe ends up being the same as where it was
before, though I'm not sure I understand why it goes here.
* dbus/dbus-sysdeps-util-unix.c (_dbus_change_to_daemon_user):
remove audit_init() from here, this file can't depend on code in
bus/ directory
If inline isn't recognised (e.g. on a strict C90 compiler, like gcc -ansi) this
defines it to __inline__, __inline or nothing, whichever works. This is safe,
because we never use inline except in combination with static.
