| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The <apparmor> element can contain a single mode attribute that has one
of three values:
"enabled"
"disabled"
"required"
"enabled" means that kernel support is autodetected and, if available,
AppArmor mediation occurs in dbus-daemon. If kernel support is not
detected, mediation is disabled. "disabled" means that mediation does
not occur. "required" means that kernel support must be detected for
dbus-daemon to start.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75113
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 54d26df52b6a394bea175651d1d7ad2ab3f87dea.
It appears this change may cause intermittent slow or failed boot,
more commonly on slower/older machines, in at least Mageia and
possibly also Debian. This would indicate that while the system
is under load, system services are not completing authentication
within 5 seconds.
This change was not the main part of fixing CVE-2014-3639, but does
help to mitigate that attack. As such, increasing this timeout makes
the denial of service attack described by CVE-2014-3639 somewhat
more effective: a local user connecting to the system bus repeatedly
from many parallel processes can cause other users' attempts to
connect to take longer.
If your machine boots reliably with the shorter timeout, and
resilience against local denial of service attacks is important
to you, putting this in /etc/dbus-1/system-local.conf
or a file matching /etc/dbus-1/system.d/*.conf can restore
the lower limit:
<busconfig>
<limit name="auth_timeout">5000</limit>
</busconfig>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=86431
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is one of four commits needed to address CVE-2014-3637.
When a file descriptor is passed to dbus-daemon, the associated D-Bus message
might not be fully sent to dbus-daemon yet. Dbus-daemon keeps the file
descriptor in the DBusMessageLoader of the connection, waiting for the rest of
the message. If the client stops sending the remaining bytes, dbus-daemon will
wait forever and keep that file descriptor.
This patch adds pending_fd_timeout (milliseconds) in the configuration to
disconnect a connection after a timeout when a file descriptor was sent but not
the remaining message.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80559
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This partially addresses CVE-2014-3639.
This will change the default on the system bus where the limit
<limit name="auth_timeout">...</limit>
is not specified.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80919
Reviewed-by: Thiago Macieira <thiago@kde.org>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
|
|
|
|
|
|
| |
This addresses CVE-2014-3638.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=81053
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
|
|
|
|
|
|
|
|
| |
The algorithm to collapse a subsidiary config file's data into the
master data structure forgot to examine this flag.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=73475
Reviewed-by: Chengwei Yang <chengwei.yang@intel.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
|
|
|
|
|
|
|
|
|
| |
It's sufficiently portable that GLib has an equivalent, and I really
don't want to have to either open-code it in dbus-run-session or
link dbus-run-session statically. We have enough statically-linked
rubbish already.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=39196
Reviewed-by: Colin Walters <walters@verbum.org>
|
|
|
|
|
|
| |
Signed-off-by: Chengwei Yang <chengwei.yang@intel.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=66291
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
QNX has an arbitrary limit to the number of file descriptors
which may be passed in a message, which is smaller than the
current default. This patch therefore changes the default from
a hardcoded constant to a macro, which is determined at configure
time by looking at the host operating system.
[This reduces the limit from 4096 (session)/1024 (system) to 128 fds
per message on QNX, and 1024 fds per message on other operating systems.
I think the reduced session bus limit on other OSs is a reasonable change
too, given that the default hard/soft ulimits in Linux are only 4096/1024
fds per process. -smcv]
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=61176
Reviewed-by: Simon McVittie <simon.mcvittie.collabora.co.uk>
|
|
|
|
|
|
|
|
|
|
|
| |
<servicehelper> is not supported in the included config file, i. e. it's
not merged in merge_included(). There's clearly no reason it shouldn't
be supported in the included config file along with <user>, <type>
and others. It's quite reasonable for a client willing to override the
default servicehelper, e. g. in system-local.conf.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=51560
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
|
|
|
|
|
|
| |
After parsing [allow|deny] rules with own_prefix, check they are enforced
correctly.
https://bugs.freedesktop.org/show_bug.cgi?id=46886
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=46882
|
|
|
|
|
|
|
|
|
|
|
| |
In practice, it never works, because the activation helper doesn't
respect environment variables for security reasons.
If you want to vary the search path, alter system.conf instead, to
replace or augment <standard_system_servicedirs/> with your preferred
search path.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=21620
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
|
|
|
|
|
|
| |
It's unused on Unix, and gcc warns.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=39231
Reviewed-by: Will Thompson <will.thompson@collabora.co.uk>
|
|
|
|
|
|
|
|
|
|
| |
In order to allow D-Bus usage during early boot (where /usr is not
accessible) also search for bus activation files in
/lib/dbus-1/system-services/. This is only a first step in the right
direction, before we really can boot without /usr we'd need to move all
current activation files (or possibly replace
/usr/dbus-1/system-services to a symlink to
/lib/dbus-1/system-services).
|
|
|
|
|
| |
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=10887
Reviewed-by: Colin Walters <walters@verbum.org>
|
|
|
|
|
|
|
|
|
|
| |
On Windows Systems ELEMENT_TYPE is already defined
in Winioctl.h this header is included indirectly
in dbus-sysdeps.h. By avoiding the use of the Name
ELEMENT_TYPE it is ensured that config-parser-common.h
can be included together with dbus-sysdeps.h
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
|
|
|
| |
Reviewed-by: Will Thompson <will.thompson@collabora.co.uk>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is more graceful than failing entirely (our previous behaviour),
but more visible than ignoring it completely (the previous behaviour
patched in by Debian and derivatives).
Based on a patch from Daniel Silverstone back in 2004, which was meant
to be temporary; I think it makes sense to change this permanently,
since files in *.d are typically supplied by other packages, whose bugs
shouldn't be able to bring down dbus-daemon.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=19186
Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=230231
Reviewed-by: Colin Walters <walters@verbum.org>
|
| |
|
| |
|
| |
|
|\
| |
| |
| |
| |
| |
| | |
Conflicts:
dbus/dbus-connection.c
dbus/dbus-message-util.c
dbus/dbus-sysdeps-unix.c
|
| |
| |
| |
| |
| | |
Create configuration settings and enforce message unix fd limits the
same way we do for allocated message memory.
|
| |
| |
| |
| |
| |
| | |
No comment.
Signed-off-by: Colin Walters <walters@verbum.org>
|
|/
|
|
|
|
|
| |
* bus/config-parser.c (bus_config_parser_new): change the default reply
timeout to "never"
Signed-off-by: Scott James Remnant <scott@ubuntu.com>
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
bus/bus.c
bus/config-parser-common.c
bus/config-parser-common.h
bus/config-parser.c
bus/connection.c
bus/dbus-daemon.1.in
dbus/dbus-marshal-validate-util.c
dbus/dbus-marshal-validate.c
dbus/dbus-sysdeps-util-unix.c
test/name-test/tmp-session-like-system.conf
|
| |
| |
| |
| | |
Signed-off-by: Colin Walters <walters@verbum.org>
|
| |
| |
| |
| |
| | |
This lets us have a backwards compatibility allow rule but still easily
see when that rule is being used.
|
| |
| |
| |
| |
| | |
We need to start logging denials so that they become more easily trackable
and debuggable.
|
| |
| |
| |
| |
| | |
This lets us have a backwards compatibility allow rule but still easily
see when that rule is being used.
|
| |
| |
| |
| |
| | |
We need to start logging denials so that they become more easily trackable
and debuggable.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* bus/bus.c: Set allow_anonymous if specified from
parser.
* bus/config-parser.c: Parse it.
* bus/config-parser-common.h: Declare it.
Signed-off-by: Colin Walters <walters@verbum.org>
|
|/
|
|
| |
Signed-off-by: Colin Walters <walters@verbum.org>
|
|
|
|
|
|
|
|
|
|
|
| |
2008-01-15 John (J5) Palmieri <johnp@redhat.com>
* patch by Kimmo Hämäläinen <kimmo dot hamalainen at nokia dot com>
* bus/config-parser.c (locate_attributes): remove dead code which
always evaluated to TRUE
* dbus/dbus-shell.c (_dbus_shell_quote): remove unused code
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* configure.in: add AM_PROG_CC_C_O to allow per-target CPPFLAGS
* bus/dispatch.c (bus_dispatch_test_conf): Fix up setting
TEST_LAUNCH_HELPER_CONFIG to include the full path, and enable
test shell_fail_service_auto_start when use_launcher==TRUE
* bus/activation-helper-bin.c (convert_error_to_exit_code): pass
through the INVALID_ARGS error so the test suite works
* bus/activation.c (handle_activation_exit_error): return
DBUS_ERROR_NO_MEMORY if we get BUS_SPAWN_EXIT_CODE_NO_MEMORY
* dbus/dbus-spawn.c (_dbus_babysitter_get_child_exit_status):
return only the exit code of the child, not the entire thingy from
waitpid(), and make the return value indicate whether the child
exited normally (with a status code)
* bus/bus.c (process_config_first_time_only): _dbus_strdup works
on NULL so no need to check
(process_config_every_time): move servicehelper init here, so we
reload it on HUP or config file change
* bus/Makefile.am (install-data-hook): remove comment because
Emacs make mode seems to be grumpy about it
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* bus/Makefile.am:
* bus/config-parser.c: (bus_config_parser_unref),
(start_busconfig_child), (bus_config_parser_end_element),
(servicehelper_path), (bus_config_parser_content),
(bus_config_parser_finished),
(bus_config_parser_get_servicehelper),
(test_default_session_servicedirs),
(test_default_system_servicedirs), (bus_config_parser_test):
* bus/config-parser.h:
Make the config-parser code use the common config code.
Also add the session and systemdirs stuff, and make the config parser
aware of the servicehelper field.
|
|
|
|
| |
* Add indent-tabs-mode: nil to all file headers.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* bus/policy.c (bus_policy_create_client_policy): gracefully
continue if the connection has no unix user - just don't apply
any unix user dependent rules.
* bus/config-parser.c: remove dbus-userdb.h usage
* bus/bus.c: remove dbus-userdb.h usage
* dbus/dbus-transport.c (_dbus_transport_get_is_authenticated):
support Windows user function; also, fix the logic for checking
auth as root in the default auth code (broken in the previous
commit)
* dbus/dbus-connection.c
(dbus_connection_set_windows_user_function): new function
(dbus_connection_get_windows_user): new function
|
|
|
|
| |
* bus/config-parser.c (test_default_session_servicedirs): made allocation of _progs platform independent.
|
| |
|
|
|
|
| |
bus/dbus-daemon.1.in,bus/session.conf.in: added eavesdrop support for replies - patch by olli.salli at collabora.co.uk approved by Havoc Pennington.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tools/dbus-launch.c (do_close_stderr): fix C89 problem and
formatting problem
* Mostly fix the DBusPipe mess.
- put line break after function return types
- put space before parens
- do not pass structs around by value
- don't use dbus_strerror after calling supposedly cross-platform
api
- don't name pipe variables "fd"
- abstract special fd numbers like -1 and 1
|
|
|
|
|
|
|
|
|
|
| |
* bus/session.conf.in: override all the default limits with much
higher limits on the session bus, there is no reason the session
bus should have low limits
* bus/config-parser.c (bus_config_parser_new): increase default
limits so they are less likely to be hit; in particular the max
replies per connection was way too low
|
|
|
|
|
|
|
|
|
|
|
| |
_dbus_list_get_next_link so we don't get stuck in an infinite loop
(start_busconfig_child): move processing of standard_session_servicedirs
tags here because they have no content
(bus_config_parser_content): check we don't have content in
standard_session_servicedirs tag
* tools/Makefile.am: Make sure the /var/lib/dbus directory is created
Packagers need to own this directory
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* bus/config-parser.c: add the standard_session_servicedirs element
to the parser
(bus_config_parser_content): process the standard_session_servicedirs
element by getting the standard directories from sysdeps and merging
them into the service directory list
(test_default_session_servicedirs): make sure we get what we expect
* bus/session.conf.in: replace the servicedir tag with the
standard_session_servicedirs tag
* dbus/dbus-list.h: remove the typedef of DBusList and place it in
dbus-sysdeps.h to avoid circular header dependencies
* dbus/dbus-sysdeps.h: add the typedef of DBusList
* dbus/dbus-sysdeps-unix.c (split_paths_and_append): utility function
which takes a string of directories delimited by colons, parses them
out, appends a suffix and puts them in a list ignoring empty elements
(_dbus_get_standard_session_servicedirs): returns the standard
directories for a session bus to look for service activation files
on Unix which includes the XDG_DATA_HOME, XDG_DATA_DIRS and
DBUS_DATADIR directories
* test/data/valid-config-files/many-rules.conf: add the
standard_session_servicedirs tag to the valid config file tests
|
|
|
|
|
|
|
|
|
| |
service_dirs_append_unique_or_free,
service_dirs_append_link_unique_or_free): New static methods
for only appending unique service directory names into
the service directory list
(merge_included, bus_config_parser_content): Only add unique
service directory names into the list
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
with cleanups of bugs found from Coverity reports:
* dbus/dbus-sysdeps-util.c (_dbus_write_pid_file):
close the file on error to avoid a leak
* bus/expirelist.c (bus_expire_list_test):
Check for NULL on dbus_new0
* bus/activation.c (update_directory):
remove dead code
* bus/config-parser.c (merge_service_context_hash, start_selinux_child):
Fix some leaks
* bus/bus.c (process_config_every_time):
Fixed a leak
* bus/desktop-file.c (parse_key_value):
Fixed leak
* bus/selinux.c (bus_selinux_id_table_insert):
Fixed leak
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* bus/bus.c (process_config_every_time): Drop existing conf-dir
watches (if applicable) and add new watches
* bus/main.c (signal_handler): Handle SIGIO if using D_NOTIFY
(main): Setup SIGIO signal handler if using D_NOTIFY
* bus/config-parser.h: Add prototype bus_config_parser_get_conf_dirs
* bus/config-parser.c (struct BusConfigParser): Add conf_dirs list
(merge_included): Also merge conf_dirs list
(bus_config_parser_unref): Clear conf_dirs list
(include_dir): Add directory to conf_dirs list
(bus_config_parser_get_conf_dirs): New function
* bus/dir-watch.[ch]: New files
* bus/Makefile.am (BUS_SOURCES): Add dir-watch.[ch]
* configure.in: Add checks for D_NOTIFY on Linux
|