bus driver: factor out bus_driver_check_caller_is_privileged, and allow root

Unlike the initial mitigation for CVE-2014-8148, we now allow
uid 0 to call UpdateActivationEnvironment. There's no point in root
doing that, but there's also no reason why it's particularly bad -
if an attacker is uid 0 we've already lost - and it simplifies
use of this function for future things that do want to be callable
by root, like BecomeMonitor for #46787.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88810
Reviewed-by: Philip Withnall

1 files changed, 3 insertions, 3 deletions

diff --git a/test/uid-permissions.c b/test/uid-permissions.c
index 1bb1a310..407b530e 100644
--- a/test/uid-permissions.c
+++ b/test/uid-permissions.c
@@ -164,10 +164,10 @@ teardown (Fixture *f,
   test_main_context_unref (f->ctx);
 }
 
-static Config root_fail_config = {
+static Config root_ok_config = {
     "valid-config-files/multi-user.conf",
     TEST_USER_ROOT,
-    FALSE
+    TRUE
 };
 
 static Config messagebus_ok_config = {
@@ -189,7 +189,7 @@ main (int argc,
   g_test_init (&argc, &argv, NULL);
   g_test_bug_base ("https://bugs.freedesktop.org/show_bug.cgi?id=");
 
-  g_test_add ("/uid-permissions/uae/root", Fixture, &root_fail_config,
+  g_test_add ("/uid-permissions/uae/root", Fixture, &root_ok_config,
       setup, test_uae, teardown);
   g_test_add ("/uid-permissions/uae/messagebus", Fixture, &messagebus_ok_config,
       setup, test_uae, teardown);