From 05f94f5e80deb354c422ef0d17132a7b0603e423 Mon Sep 17 00:00:00 2001
From: Simon McVittie
Date: Mon, 26 Jan 2015 20:06:48 +0000
Subject: [PATCH 2/4] Prevent a local attacker from making systemd activation appear to fail

---
 bus/driver.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/bus/driver.c b/bus/driver.c
index b50eb76..16ee90d 100644
--- a/bus/driver.c
+++ b/bus/driver.c
@@ -2125,8 +2125,26 @@ bus_driver_handle_message (DBusConnection *connection,
 if (dbus_message_is_signal (message, "org.freedesktop.systemd1.Activator", "ActivationFailure"))
 {
 BusContext *context;
+ DBusConnection *systemd;
 
 context = bus_connection_get_context (connection);
+ systemd = bus_driver_get_owner_of_name (connection,
+ "org.freedesktop.systemd1");
+
+ if (systemd != connection)
+ {
+ const char *attacker;
+
+ attacker = bus_connection_get_name (connection);
+ bus_context_log (context, DBUS_SYSTEM_LOG_SECURITY,
+ "Ignoring forged ActivationFailure message from "
+ "connection %s (%s)",
+ attacker ? attacker : "(unauthenticated)",
+ bus_connection_get_loginfo (connection));
+ /* ignore it */
+ return TRUE;
+ }
+
 return dbus_activation_systemd_failure(bus_context_get_activation(context), message);
 }
 
--
2.1.4
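Review bot: The `systemd != connection` test in the added block rests on two assumptions that are not written down: that `bus_driver_get_owner_of_name` returns NULL when `org.freedesktop.systemd1` has no owner, so the signal is dropped rather than accepted, and that bus policy restricts which connections may own that name. The helper is not visible in this hunk, so its NULL behaviour should be confirmed; I would then add a comment above the test such as `/* NULL when the name is unowned, so we fail closed; trust rests on policy limiting who may own org.freedesktop.systemd1 */`. In the same block `attacker` is NULL-guarded before it reaches `%s`, but `bus_connection_get_loginfo (connection)` is passed unguarded; if it can return NULL it needs the same treatment. The body of `bus_driver_handle_message` starts and ends outside the hunk.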