author Matthias Clasen <mclasen@redhat.com> 2013-11-01 17:09:25 -0400
committer Ray Strode <rstrode@redhat.com> 2013-11-04 18:59:44 -0500
commit 980692e6b9cfe4a34e22f566e0981a8c549e4348
tree 8bc8128d9b9f670057a8a0c05b2424dbb61ee9f0 /src/libaccountsservice
parent f86c93014e698d81d43fe1ebaf805fa794e5a984
Avoid deleting the root user

The check we have in place against deleting the root user can be tricked by exploiting the fact that we are checking a gint64, and then later cast it to a uid_t. This can be seen with the following test, which will delete your root account:

    qdbus --system org.freedesktop.Accounts /org/freedesktop/Accounts \
        org.freedesktop.Accounts.DeleteUser -9223372036854775808 true

Found with the dfuzzer tool, https://github.com/matusmarhefka/dfuzzer

Diffstat (limited to 'src/libaccountsservice')
0 files changed, 0 insertions, 0 deletions
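
The truncation described in the commit message, shown as an added example that is not accountsservice code: the function names are hypothetical, and uid_t is assumed to be 32-bit and unsigned, as on Linux with glibc. The first function tests the 64-bit value and narrows afterwards; the second range-checks before narrowing and tests the value that is actually used.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>

/* Assumption: uid_t is 32-bit and unsigned, as on Linux with glibc. */
_Static_assert(sizeof(uid_t) == 4 && (uid_t)-1 > 0, "expects 32-bit unsigned uid_t");

/* Hypothetical flawed pattern: the root check runs on the 64-bit value and
 * the narrowing cast comes afterwards. Returns the uid that would be acted
 * on, or -1 when the request is refused. */
static int64_t flawed_target_uid(int64_t requested)
{
    if (requested == 0)
        return -1;                      /* only a literal 0 is refused */
    return (int64_t)(uid_t)requested;   /* keeps the low 32 bits only */
}

/* Hypothetical hardened pattern: reject anything outside uid_t's range
 * first, then test the value that will actually be used. */
static int64_t checked_target_uid(int64_t requested)
{
    if (requested < 0 || requested > (int64_t)(uid_t)-1)
        return -1;
    uid_t uid = (uid_t)requested;
    if (uid == 0)
        return -1;
    return (int64_t)uid;
}

int main(void)
{
    /* Constructed inputs: INT64_MIN is the -9223372036854775808 from the
     * commit message; 2^32 is another value whose low 32 bits are zero. */
    const int64_t samples[] = { 0, 1000, INT64_MIN, INT64_C(4294967296) };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%lld -> flawed %lld, checked %lld\n",
               (long long)samples[i],
               (long long)flawed_target_uid(samples[i]),
               (long long)checked_target_uid(samples[i]));
    return 0;
}
```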