Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Evergreen:11.1:Test
NetworkManager-gnome
nma-cve-2009-0578.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File nma-cve-2009-0578.patch of Package NetworkManager-gnome
commit 765f783d0037949fd75ee151b0704725cfedfc09 Author: Tambet Ingo <tambet@gmail.com> Date: Tue Feb 24 09:25:36 2009 +0200 nm-applet-0.7-cve-2009-0578 diff --git a/src/gconf-helpers/nma-gconf-connection.c b/src/gconf-helpers/nma-gconf-connection.c index 4665018..cd57ec9 100644 --- a/src/gconf-helpers/nma-gconf-connection.c +++ b/src/gconf-helpers/nma-gconf-connection.c @@ -1,6 +1,11 @@ /* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */ #include <string.h> +#include <unistd.h> + +#include <dbus/dbus.h> +#include <dbus/dbus-glib.h> +#include <dbus/dbus-glib-lowlevel.h> #include <nm-setting-connection.h> #include <nm-setting-vpn.h> #include "nma-gconf-connection.h" @@ -331,11 +336,84 @@ get_secrets: } static gboolean +is_user_request_authorized (DBusGMethodInvocation *context, + GError **error) +{ + DBusGConnection *bus = NULL; + DBusConnection *connection = NULL; + char *sender = NULL; + gulong sender_uid = G_MAXULONG; + DBusError dbus_error; + gboolean success = FALSE; + + sender = dbus_g_method_get_sender (context); + if (!sender) { + g_set_error (error, NM_SETTINGS_ERROR, + NM_SETTINGS_ERROR_INTERNAL_ERROR, + "%s", "Could not determine D-Bus requestor"); + goto out; + } + + bus = dbus_g_bus_get (DBUS_BUS_SYSTEM, NULL); + if (!bus) { + g_set_error (error, NM_SETTINGS_ERROR, + NM_SETTINGS_ERROR_INTERNAL_ERROR, + "%s", "Could not get the system bus"); + goto out; + } + connection = dbus_g_connection_get_connection (bus); + if (!connection) { + g_set_error (error, NM_SETTINGS_ERROR, + NM_SETTINGS_ERROR_INTERNAL_ERROR, + "%s", "Could not get the D-Bus system bus"); + goto out; + } + + dbus_error_init (&dbus_error); + /* FIXME: do this async */ + sender_uid = dbus_bus_get_unix_user (connection, sender, &dbus_error); + if (dbus_error_is_set (&dbus_error)) { + dbus_error_free (&dbus_error); + g_set_error (error, NM_SETTINGS_ERROR, + NM_SETTINGS_ERROR_PERMISSION_DENIED, + "%s", "Could not determine the Unix user ID of the requestor"); + goto out; + } + + /* And finally, the actual UID check */ + if (sender_uid != geteuid()) { + g_set_error (error, NM_SETTINGS_ERROR, + NM_SETTINGS_ERROR_PERMISSION_DENIED, + "%s", "Requestor UID does not match the UID of the user settings service"); + goto out; + } + + success = TRUE; + +out: + if (bus) + dbus_g_connection_unref (bus); + g_free (sender); + return success; +} + + +static gboolean update (NMExportedConnection *exported, GHashTable *new_settings, GError **error) { NMAGConfConnectionPrivate *priv = NMA_GCONF_CONNECTION_GET_PRIVATE (exported); NMConnection *tmp; gboolean success = FALSE; + DBusGMethodInvocation *context; + + context = g_object_get_data (G_OBJECT (exported), NM_EXPORTED_CONNECTION_DBUS_METHOD_INVOCATION); + + /* Restrict Update to execution by the current user only for DBus invocation */ + if (context && !is_user_request_authorized (context, error)) { + nm_warning ("%s.%d - Connection update permission denied: (%d) %s", + __FILE__, __LINE__, (*error)->code, (*error)->message); + return FALSE; + } tmp = nm_connection_new_from_hash (new_settings, error); if (!tmp) { @@ -359,14 +437,23 @@ update (NMExportedConnection *exported, GHashTable *new_settings, GError **error } static gboolean -do_delete (NMExportedConnection *exported, GError **err) +do_delete (NMExportedConnection *exported, GError **error) { NMAGConfConnectionPrivate *priv = NMA_GCONF_CONNECTION_GET_PRIVATE (exported); gboolean success; + DBusGMethodInvocation *context; - success = gconf_client_recursive_unset (priv->client, priv->dir, 0, err); - gconf_client_suggest_sync (priv->client, NULL); + context = g_object_get_data (G_OBJECT (exported), NM_EXPORTED_CONNECTION_DBUS_METHOD_INVOCATION); + /* Restrict Delete to execution by the current user only for DBus invocation */ + if (context && !is_user_request_authorized (context, error)) { + nm_warning ("%s.%d - Connection delete permission denied: (%d) %s", + __FILE__, __LINE__, (*error)->code, (*error)->message); + return FALSE; + } + + success = gconf_client_recursive_unset (priv->client, priv->dir, 0, error); + gconf_client_suggest_sync (priv->client, NULL); return success; }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor