fdo-mirrors/dbus
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/dbus/dbus.git synced 2026-01-08 09:20:16 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
dbus/bus/activation.h
Alban Crequy 24c590703c CVE-2014-3477: deliver activation errors correctly, fixing Denial of Service 
How it should work:

When a D-Bus message activates a service, LSMs (SELinux or AppArmor) check
whether the message can be delivered after the service has been activated. The
service is considered activated when its well-known name is requested with
org.freedesktop.DBus.RequestName. When the message delivery is denied, the
service stays activated but should not receive the activating message (the
message which triggered the activation). dbus-daemon is supposed to drop the
activating message and reply to the sender with a D-Bus error message.

However, it does not work as expected:

1. The error message is delivered to the service instead of being delivered to
   the sender. As an example, the error message could be something like:

     An SELinux policy prevents this sender from sending this
     message to this recipient, [...] member="MaliciousMethod"

   If the sender and the service are malicious confederates and agree on a
   protocol to insert information in the member name, the sender can leak
   information to the service, even though the LSM attempted to block the
   communication between the sender and the service.

2. The error message is delivered as a reply to the RequestName call from
   service. It means the activated service will believe it cannot request the
   name and might exit. The sender could activate the service frequently and
   systemd will give up activating it. Thus the denial of service.

The following changes fix the bug:
- bus_activation_send_pending_auto_activation_messages() only returns an error
  in case of OOM. The prototype is changed to return TRUE, or FALSE on OOM
  (and its only caller sets the OOM error).
- When a client is not allowed to talk to the service, a D-Bus error message
  is pre-allocated to be delivered to the client as part of the transaction.
  The error is not propagated to the caller so RequestName will not fail
  (except on OOM).

[fixed a misleading comment -smcv]

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=78979
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Colin Walters <walters@verbum.org>
2014-06-05 14:36:17 +01:00

68 lines
2.7 KiB
C
Raw Blame History

/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
/* activation.h Activation of services
*
* Copyright (C) 2003 CodeFactory AB
*
* Licensed under the Academic Free License version 2.1
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*
*/
#ifndef BUS_ACTIVATION_H
#define BUS_ACTIVATION_H
#include <dbus/dbus.h>
#include <dbus/dbus-list.h>
#include "bus.h"
BusActivation* bus_activation_new (BusContext *context,
const DBusString *address,
DBusList **directories,
DBusError *error);
dbus_bool_t bus_activation_reload (BusActivation *activation,
const DBusString *address,
DBusList **directories,
DBusError *error);
BusActivation* bus_activation_ref (BusActivation *activation);
void bus_activation_unref (BusActivation *activation);
dbus_bool_t bus_activation_set_environment_variable (BusActivation *activation,
const char *key,
const char *value,
DBusError *error);
dbus_bool_t bus_activation_activate_service (BusActivation *activation,
DBusConnection *connection,
BusTransaction *transaction,
dbus_bool_t auto_activation,
DBusMessage *activation_message,
const char *service_name,
DBusError *error);
dbus_bool_t bus_activation_service_created (BusActivation *activation,
const char *service_name,
BusTransaction *transaction,
DBusError *error);
dbus_bool_t bus_activation_list_services (BusActivation *registry,
char ***listp,
int *array_len);
dbus_bool_t dbus_activation_systemd_failure (BusActivation *activation,
DBusMessage *message);
dbus_bool_t bus_activation_send_pending_auto_activation_messages (BusActivation *activation,
BusService *service,
BusTransaction *transaction);
#endif /* BUS_ACTIVATION_H */
Reference in a new issue View git blame Copy permalink