| Commit message (Collapse) | Author | Age | Files | Lines |
| |
UpdateActivationEnvironment is the one dbus-daemon API call that is
obviously dangerous (it is intended for the session bus),
so the default system.conf does not allow anyone to call it.

It has recently come to the D-Bus maintainers' attention that some
system services incorrectly install D-Bus policy rules that allow
arbitrary method calls to any destination as long as they have a
"safe" object path. This is not actually safe: some system services
that use low-level D-Bus bindings like libdbus, including dbus-daemon
itself, provide the same API on all object paths.

Unauthorized calls to UpdateActivationEnvironment are probably just
resource consumption rather than privilege escalation, because on
the system bus, the modified environment is only used to execute
a setuid wrapper that avoids LD_PRELOAD etc. via normal setuid
handling, and sanitizes its own environment before executing
the real service. However, it's safest to assume the worst and
treat it as a potential privilege escalation.

Accordingly, as a hardening measure to avoid privilege escalation on
systems with these faulty services, stop allowing calls to
("/com/example/Whatever",
"org.freedesktop.DBus.UpdateActivationEnvironment")
and only allow ("/org/freedesktop/DBus",
"org.freedesktop.DBus.UpdateActivationEnvironment").

We deliberately continue to provide read-only APIs like
GetConnectionUnixUser at all object paths, for backwards compatibility.

Reviewed-by: Thiago Macieira <thiago@kde.org>
[adjusted commit message to note that this is probably only DoS -smcv]
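
An added example, not part of the commit or the dbus source tree: a small audit for the faulty rule shape the commit message above describes, an `<allow>` that matches on `send_path` without pinning `send_destination`. The sample policy, the function name and the `com.example.Whatever` names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy, not taken from any real service.
SAMPLE_POLICY = """\
<busconfig>
  <policy context="default">
    <!-- faulty: any destination, any interface, matched on path alone -->
    <allow send_path="/com/example/Whatever"/>
    <!-- scoped: destination and interface are pinned as well -->
    <allow send_destination="com.example.Whatever"
           send_interface="com.example.Whatever.Manager"
           send_path="/com/example/Whatever"/>
    <allow own="com.example.Whatever"/>
  </policy>
</busconfig>
"""

# Attributes that select which senders a <policy> element applies to.
POLICY_SELECTORS = ("context", "user", "group", "at_console")


def path_only_allow_rules(policy_xml):
    """Return (policy selector, send_path) for every <allow> rule that
    matches on send_path but leaves send_destination unset, so the rule
    applies to messages addressed to any service on the bus."""
    findings = []
    root = ET.fromstring(policy_xml)
    for policy in root.iter("policy"):
        scope = next(
            (f"{key}={policy.get(key)}" for key in POLICY_SELECTORS
             if policy.get(key) is not None),
            "unknown",
        )
        for rule in policy.iter("allow"):
            attrs = rule.attrib
            if "send_path" in attrs and "send_destination" not in attrs:
                findings.append((scope, attrs["send_path"]))
    return findings


if __name__ == "__main__":
    for scope, path in path_only_allow_rules(SAMPLE_POLICY):
        print(f"policy[{scope}]: <allow send_path={path!r}> "
              "does not restrict send_destination")
```
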
| |
No comment.
Signed-off-by: Colin Walters <walters@verbum.org>
| |
* Add indent-tabs-mode: nil to all file headers.
| |
(bus_driver_generate_introspect_string): New method for populating
a DBusString with the introspect data
(bus_driver_handle_introspect): Move introspect generation code to
bus_driver_generate_introspect_string
* bus/main.c:
(introspect): New function which prints out the introspect data and
exits
(main): Add a --introspect switch
| |
* bus/driver.c, bus/driver.h, bus/services.c: Use ServiceOwnerChanged
signal instead of ServiceCreated and ServiceDeleted.
* bus/dispatch.c: update testcase for the new signal.
| |
* COPYING: switch to Academic Free License version 2.1 instead of
2.0, to resolve complaints about patent termination clause.
| |
* Update AFL version to 2.0 throughout the source files to reflect
the update that was done a while ago.
| |
Mega-patch that gets the message bus daemon initially handling
out-of-memory. Work still needed. Also lots of random
moving stuff to DBusError instead of ResultCode.
* dbus/dbus-list.c (_dbus_list_length_is_one): new function
* dbus/dbus-connection.c
(dbus_connection_send_with_reply_and_block): use DBusError
* dbus/dbus-bus.c: adapt to API changes, make it use DBusError not
DBusResultCode
* dbus/dbus-connection.c (dbus_connection_send): drop the result
code here, as the only failure possible is OOM.
* bus/connection.c (bus_connection_disconnect):
rename bus_connection_disconnected as it's a notification only
* bus/driver.c (bus_driver_handle_acquire_service): don't free
"name" on get_args failure, should be done by get_args;
don't disconnect client for bad args, just return an error.
(bus_driver_handle_service_exists): ditto
* bus/services.c (bus_services_list): NULL-terminate returned array
* bus/driver.c (bus_driver_send_service_lost)
(bus_driver_send_service_acquired): send messages from driver to a
specific client to the client's unique name, not to the broadcast
service.
* dbus/dbus-message.c (decode_header_data): reject messages that
contain no name field
(_dbus_message_get_client_serial): rename to
dbus_message_get_serial and make public
(_dbus_message_set_serial): rename from set_client_serial
(_dbus_message_set_reply_serial): make public
(_dbus_message_get_reply_serial): make public
* bus/connection.c (bus_connection_foreach): allow stopping
iteration by returning FALSE from foreach function.
* dbus/dbus-connection.c (dbus_connection_send_preallocated)
(dbus_connection_free_preallocated_send)
(dbus_connection_preallocate_send): new API for sending a message
without possibility of malloc failure.
(dbus_connection_send_message): rename to just
dbus_connection_send (and same for whole function family)
* dbus/dbus-errors.c (dbus_error_free): make this reinit the error
* dbus/dbus-sysdeps.c (_dbus_exit): new function
* bus/activation.c: handle/return errors
* dbus/dbus-errors.h: add more DBUS_ERROR #define
* dbus/dbus-sysdeps.c (_dbus_directory_open) (_dbus_file_get_contents)
(_dbus_directory_get_next_file): use DBusError instead of DBusResultCode
(_dbus_result_from_errno): move to this file
| |
* bus/driver.c: (bus_driver_handle_hello):
* bus/driver.h:
* bus/services.c: (bus_service_lookup):
Reorder message sending so we get a more sane order.
* test/bus-test.c: (message_handler):
Fix tyop.
| |
* bus/dispatch.c: (bus_dispatch_message_handler):
Dispatch messages sent to services.
* bus/driver.c: (bus_driver_send_service_deleted),
(bus_driver_send_service_created), (bus_driver_send_service_lost),
(bus_driver_send_service_acquired):
Add helper functions for sending service related messages.
(bus_driver_send_welcome_message):
Send HELLO_REPLY instead of WELCOME.
(bus_driver_handle_list_services):
Send LIST_SERVICES_REPLY instead of SERVICES.
(bus_driver_handle_own_service),
(bus_driver_handle_service_exists):
New message handlers.
(bus_driver_handle_message):
Invoke new message handlers.
(bus_driver_remove_connection):
Don't remove any services here since that's done automatically
by bus_service_remove_owner now.
* bus/driver.h:
New function signatures.
* bus/services.c: (bus_service_add_owner):
Send ServiceAcquired message if we're the only primary owner.
(bus_service_remove_owner):
Send ServiceAcquired/ServiceLost messages.
(bus_service_set_prohibit_replacement),
(bus_service_get_prohibit_replacement):
Functions for setting prohibit replacement.
(bus_service_has_owner):
New function that checks if a connection is in the owner queue of
a certain service.
* bus/services.h:
Add new function signatures.
* dbus/dbus-list.c: (_dbus_list_test):
Add tests for _dbus_list_remove_last and traversing the list backwards.
* dbus/dbus-list.h:
Fix a typo in _dbus_list_get_prev_link, if we're at the first element we can't
go any further, so return NULL then.
* dbus/dbus-protocol.h:
Add new messages, service flags and service replies.
| |
* bus/Makefile.am:
* bus/connection.c: (connection_disconnect_handler),
(connection_watch_callback), (bus_connection_setup):
* bus/dispatch.c: (send_one_message),
(bus_dispatch_broadcast_message), (bus_dispatch_message_handler),
(bus_dispatch_add_connection), (bus_dispatch_remove_connection):
* bus/dispatch.h:
* bus/driver.c: (bus_driver_send_service_deleted),
(bus_driver_send_service_created), (bus_driver_handle_hello),
(bus_driver_send_welcome_message),
(bus_driver_handle_list_services), (bus_driver_remove_connection),
(bus_driver_handle_message):
* bus/driver.h:
Refactor code, put the message dispatching in its own file. Use
_DBUS_HANDLE_OOM. Also send ServiceDeleted messages when a client
is disconnected.
| |
* dbus/dbus-connection.c
(dbus_connection_send_message_with_reply_and_block): add some @todo
* bus/driver.c (bus_driver_add_connection): add a FIXME about memleak
|
* bus/Makefile.am:
Add driver.[ch]
* bus/connection.c: (connection_disconnect_handler):
Remove the connection from the bus driver's list.
(connection_watch_callback): Dispatch messages.
(free_connection_data): Free connection name.
(bus_connection_setup): Add connection to the bus driver's list.
(bus_connection_remove_owned_service):
(bus_connection_set_name), (bus_connection_get_name):
Add functions for setting and getting the connection's name.
* bus/connection.h:
Add function headers.
* bus/driver.c: (create_unique_client_name),
(bus_driver_handle_hello_message),
(bus_driver_send_welcome_message), (bus_driver_message_handler),
(bus_driver_add_connection), (bus_driver_remove_connection):
* bus/driver.h:
* bus/main.c:
* bus/services.c: (bus_service_free):
* bus/services.h:
New file that handles communication and registration with the bus
itself.