summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* 1.9.10dbus-1.9.10Simon McVittie2015-02-092-4/+4
|
* Add a regression test for making systemd activation appear to failSimon McVittie2015-02-091-0/+31
|
* Merge branch '1.8-cve-2015-0245' into cve-2015-0245Simon McVittie2015-02-093-12/+62
|\ | | | | | | | | | | | | Conflicts: NEWS bus/system.conf.in configure.ac
| * CVE-2015-0245: discard forged ActivationFailure messagesSimon McVittie2015-02-051-0/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Without this code change, non-systemd processes can make dbus-daemon think systemd failed to activate a system service, resulting in an error reply back to the requester. In practice we can address this in system.conf by only allowing root to forge these messages, but this check is the real solution, particularly on systems where root is not all-powerful. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88811 Reviewed-by: Alban Crequy Reviewed-by: David King Reviewed-by: Philip Withnall
| * bus_driver_get_owner_of_name: factor out from bus_driver_get_conn_helperSimon McVittie2015-02-051-11/+21
| | | | | | | | | | | | | | | | | | | | We need this, or something equivalent, to address CVE-2015-0245 via code changes. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88811 Reviewed-by: Alban Crequy Reviewed-by: David King Reviewed-by: Philip Withnall
| * 1.8.17Simon McVittie2015-02-052-1/+6
| |
| * Prepare embargoed 1.8.16 releasedbus-1.8.16Simon McVittie2015-02-042-4/+18
| |
| * CVE-2015-0245: prevent forged ActivationFailure from non-root processesSimon McVittie2015-02-041-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Without either this rule or better checking in dbus-daemon, non-systemd processes can make dbus-daemon think systemd failed to activate a system service, resulting in an error reply back to the requester. This is redundant with the fix in the C code (which I consider to be the real solution), but is likely to be easier to backport. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88811 Reviewed-by: Alban Crequy Reviewed-by: David King Reviewed-by: Philip Withnall
* | Add test-fdpass to the build, and make it compile againSimon McVittie2015-02-052-1/+13
| | | | | | | | | | Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88998 Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
* | tests: make installable metadata Windows-friendly by using EXEEXTSimon McVittie2015-02-051-2/+2
| | | | | | | | | | Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88980 Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
* | tests: make sure to specify CPPFLAGS where neededSimon McVittie2015-02-051-0/+2
| | | | | | | | | | | | | | | | | | test-marshal and test-syntax need the $(testutils_shared_if_possible_cppflags), so that they will get the $(static_cflags) when we are not linking to dbus-glib. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88980 Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
* | bus_driver_check_caller_is_privileged: correct the DBUS_WIN caseSimon McVittie2015-02-041-1/+1
| | | | | | | | | | Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88964 Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
* | _dbus_listen_tcp_socket: Keep windows code to fetch port from tcp listening ↵Ralf Habacker2015-02-041-6/+5
| | | | | | | | | | | | | | socket in sync with unix. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=87999 Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* | NEWS for 1.9Simon McVittie2015-02-041-1/+28
| |
* | Add a common test_init() for GLib tests which prevents hanging foreverSimon McVittie2015-02-0417-30/+54
| | | | | | | | | | Bug: https://bugs.freedesktop.org/show_bug.cgi?id=46787 Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
* | dbus-monitor: add options to log binary data with or without pcap framingSimon McVittie2015-02-045-9/+202
| | | | | | | | | | Bug: https://bugs.freedesktop.org/show_bug.cgi?id=46787 Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
* | dbus-monitor: add support for using BecomeMonitor to be a read-only monitorSimon McVittie2015-02-041-9/+75
| | | | | | | | | | | | | | | | | | Move the dbus_connection_add_filter() call further up as a precaution, because it isn't safe for a monitor to not have a filter that swallows all messages. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=46787 Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
* | Allow root to monitor the system bus by defaultSimon McVittie2015-02-041-0/+6
| | | | | | | | | | Bug: https://bugs.freedesktop.org/show_bug.cgi?id=46787 Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
* | Add a regression test for being a new-style monitorSimon McVittie2015-02-043-0/+1526
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This includes most of the situations I could think of: * method call on dbus-daemon and response * NameOwnerChanged * NameAcquired, NameLost (although I'm not 100% sure these should get captured, since they're redundant with NameOwnerChanged) * unicast message is allowed through * unicast message is rejected by no-sending or no-receiving policy * broadcast is allowed through * broadcast is rejected by no-sending policy (the error reply is also captured) * broadcast is rejected by no-receiving policy (there is no error reply) * message causing service activation, and the message telling systemd to do the actual activation * systemd reporting that activation failed It does not cover: * sending a message to dbus-daemon, then provoking a reply, then dbus-daemon does not allow itself to send the reply due to its own security policy This is such an obscure corner case that I'm not even convinced it's testable without dropping down into lower-level socket manipulation: dbus-daemon's replies are always assumed to be requested replies, and replies contain so little other metadata that I think we can only forbid them by forbidding all method replies. If we do that, the reply to Hello() won't arrive and the client-side connection will not become active. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=46787 Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
* | Capture a fake reply if a broadcast cannot be deliveredSimon McVittie2015-02-043-4/+37
| | | | | | | | | | Bug: https://bugs.freedesktop.org/show_bug.cgi?id=46787 Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
* | Capture all messages received or sent, and send them to monitorsSimon McVittie2015-02-046-34/+417
| | | | | | | | | | | | | | | | Unlike eavesdropping, the point of capture is when the message is received, except for messages originating inside the dbus-daemon. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=46787 Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
* | Add support for morphing a D-Bus connection into a "monitor"Simon McVittie2015-02-045-1/+199
| | | | | | | | | | | | | | | | | | | | | | | | This is a special connection that is not allowed to send anything, and loses all its well-known names. In future commits, it will get a new set of match rules and the ability to eavesdrop on messages before the rest of the bus daemon has had a chance to process them. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=46787 Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
* | Merge branch 'dbus-1.8'Simon McVittie2015-02-040-0/+0
|\ \ | |/
| * NEWS for 1.8 branchSimon McVittie2015-02-041-1/+7
| |
* | _dbus_listen_tcp_socket: comment on another reason to ignore EADDRINUSESimon McVittie2015-02-041-3/+12
| | | | | | | | | | | | | | Not being aware of the second reason described here caused bug #87999 in the equivalent code on Windows. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=87999
* | _dbus_listen_tcp_socket: use NI_NUMERICSERV to determine port numberSimon McVittie2015-02-041-1/+1
| | | | | | | | | | | | | | | | If we happen to have been given (say) port 30865, we want to represent that as host=localhost,port=30865 and not host=localhost,port=csync2. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=87999
* | Provide appropriate DBUS_USER and DBUS_TEST_USER under CMakeRalf Habacker2015-02-042-3/+6
| | | | | | | | | | | | [separated out from a larger commit -smcv] Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88964 Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* | Link tests to test-utils-glib.c under CMake tooRalf Habacker2015-02-041-1/+9
| | | | | | | | | | | | [Separated out from a larger commit -smcv] Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88964 Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* | dbus-monitor: use common code from dbus-test-toolSimon McVittie2015-02-043-13/+12
| | | | | | | | | | | | Bug: https://bugs.freedesktop.org/show_bug.cgi?id=46787 Reviewed-by: Philip Withnall [also sync up the cmake build system -smcv]
* | 1.9.9Simon McVittie2015-02-032-1/+6
| |
* | 1.9.8 development releasedbus-1.9.8Simon McVittie2015-02-032-4/+6
| |
* | Treat root as a valid candidate for TEST_USER_MESimon McVittie2015-02-032-15/+4
| | | | | | | | | | | | | | | | | | | | | | | | If spawn_dbus_daemon() can fail for TEST_USER_ME, then we'd have to go through all the tests adding the ability to skip tests after it fails, which is a fairly extensive change. The tests have historically all run as whatever uid is supplied, and if the tests are being run as root for some reason - perhaps in a CI framework for an embedded platform that doesn't have non-root users, or in an environment where you can be root or non-root but not both - there is no particular reason to skip them.
* | NEWSSimon McVittie2015-02-031-0/+8
| |
* | Add a regression test for systemd activationSimon McVittie2015-02-038-0/+363
| | | | | | | | | | | | | | 4.5 years after it was implemented, here is the regression test. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=57952 Reviewed-by: Philip Withnall
* | bus_context_log_and_set_error: add and useSimon McVittie2015-02-034-25/+39
| | | | | | | | | | Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88810 Reviewed-by: Philip Withnall
* | _dbus_set_error_valist: addSimon McVittie2015-02-032-6/+24
| | | | | | | | | | Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88810 Reviewed-by: Philip Withnall
* | bus_context_log_literal: add simplified version of bus_context_logSimon McVittie2015-02-032-1/+24
| | | | | | | | | | Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88810 Reviewed-by: Philip Withnall
* | bus: put the printf attribute in the header where it will do more goodSimon McVittie2015-02-032-4/+1
| | | | | | | | | | | | | | | | Now we can actually notice incorrect format strings in other translation units. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88810 Reviewed-by: Philip Withnall
* | bus driver: factor out bus_driver_check_caller_is_privileged, and allow rootSimon McVittie2015-02-032-32/+110
| | | | | | | | | | | | | | | | | | | | | | | | Unlike the initial mitigation for CVE-2014-8148, we now allow uid 0 to call UpdateActivationEnvironment. There's no point in root doing that, but there's also no reason why it's particularly bad - if an attacker is uid 0 we've already lost - and it simplifies use of this function for future things that do want to be callable by root, like BecomeMonitor for #46787. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88810 Reviewed-by: Philip Withnall
* | Add a test for uid-controlled permissionsSimon McVittie2015-02-035-0/+311
| | | | | | | | | | | | | | | | This is technical debt from mitigating CVE-2014-8148, which should really have had a regression test at the time. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88810 Reviewed-by: Philip Withnall
* | Add infrastructure to run bits of tests under an alternative uidSimon McVittie2015-02-035-12/+153
| | | | | | | | | | Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88810 Reviewed-by: Philip Withnall
* | test: implement GLib-style "installed tests"Simon McVittie2015-02-032-6/+34
| | | | | | | | | | | | | | | | | | | | | | | | | | We run each test twice: * once with the system's session.conf, as an integration test (test-cases that need a special configuration are automatically skipped) * once with our special test configuration files, which provide better coverage Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88810 Reviewed-by: Philip Withnall
* | Generate test configuration files via build-time sed, not configureSimon McVittie2015-02-032-25/+64
| | | | | | | | | | | | | | | | This means we can generate a version that works when installed, from the same source files. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88810 Reviewed-by: Philip Withnall
* | Factor out some utility functions from test/dbus-daemon*Simon McVittie2015-02-037-350/+330
| | | | | | | | | | | | | | | | | | | | | | In the process, make test_kill_pid() safer: do not try to terminate more than one pid, or the NULL handle. Also stop leaking the address_fd in spawn_dbus_daemon, a pre-existing bug that was spotted by Philip Withnall during review. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88810 Reviewed-by: Philip Withnall
* | Bump required GLib version to 2.36Simon McVittie2015-02-033-9/+2
| | | | | | | | | | | | | | | | | | This is for g_close(), which the next commit will use. It also lets us rely on g_type_init() being a no-op (since 2.32 the type system is always initialized by a global constructor). Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88810 Reviewed-by: Philip Withnall
* | Update .gitignore filesLukasz Skalski2015-02-033-0/+6
| | | | | | | | | | Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88943 Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* | NEWSSimon McVittie2015-02-021-1/+31
| |
* | lcov: use builddir, not srcdirSimon McVittie2015-02-021-2/+2
| | | | | | | | | | | | | | | | It seems lcov (or gcc?) has changed its paths since last time this worked. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88808 Reviewed-by: Philip Withnall
* | Enable subdir-objects Automake optionSimon McVittie2015-02-021-1/+1
| | | | | | | | | | | | | | | | It has been supported since at least 1.10, and its absence is deprecated since 1.14. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88808 Reviewed-by: Philip Withnall
* | bus: exit on fatal errors even if not sysloggingSimon McVittie2015-02-021-0/+4
| | | | | | | | | | Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88808 Reviewed-by: Philip Withnall
View Lorry Controller Status