naccyde / rpms / systemd

Forked from rpms/systemd a year ago
Clone
281364
From 004130ae74688eb321aadc05192bab69fe5cbcbf Mon Sep 17 00:00:00 2001
281364
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
281364
Date: Fri, 22 Jul 2022 11:45:12 +0200
281364
Subject: [PATCH] manager: limit access to private dbus socket
281364
281364
For the system manager, /run/systemd/private is publicly accessible, because
281364
/run/systemd is 0755, and /run/systemd/private is 0777. For the user manager,
281364
/run/user/<uid> is 0700, and /run/user/<uid>/systemd/private is 0777. This
281364
does not directly cause any security issue because we check the sender in
281364
bus_check_peercred (ucred.uid != 0 && ucred.uid != geteuid()).
281364
281364
But it makes sense to limit access to the socket to avoid wasting time in PID1.
281364
Somebody could send messages there that'd we'd reject anyway. It also makes
281364
things more explicit.
281364
281364
(cherry picked from commit df1cbd1adf26071aab41d96e054452a3d66103a4)
281364
281364
Resolves: #2119405
281364
---
281364
 src/core/dbus.c | 4 +++-
281364
 1 file changed, 3 insertions(+), 1 deletion(-)
281364
281364
diff --git a/src/core/dbus.c b/src/core/dbus.c
281364
index 66d838cdb4..ec6c52cb85 100644
281364
--- a/src/core/dbus.c
281364
+++ b/src/core/dbus.c
281364
@@ -42,6 +42,7 @@
281364
 #include "string-util.h"
281364
 #include "strv.h"
281364
 #include "strxcpyx.h"
281364
+#include "umask-util.h"
281364
 #include "user-util.h"
281364
 
281364
 #define CONNECTIONS_MAX 4096
281364
@@ -1019,7 +1020,8 @@ int bus_init_private(Manager *m) {
281364
         if (fd < 0)
281364
                 return log_error_errno(errno, "Failed to allocate private socket: %m");
281364
 
281364
-        r = bind(fd, &sa.sa, salen);
281364
+        RUN_WITH_UMASK(0077)
281364
+                r = bind(fd, &sa.sa, salen);
281364
         if (r < 0)
281364
                 return log_error_errno(errno, "Failed to bind private socket: %m");
281364