From c169faa36738e11f02bedd9fbcd8d77c65edaf2e Mon Sep 17 00:00:00 2001
From: Simon McVittie
Date: Fri, 23 Jun 2017 15:20:04 +0100
Subject: [PATCH 28/49] bus/containers: Don't allow stopping other users' containers
On the system bus, that would be a denial of service, assuming we relax the access-control from METHOD_FLAG_PRIVILEGED to a new METHOD_FLAG_NOT_CONTAINERS later.
Signed-off-by: Simon McVittie
---
 bus/containers.c | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
diff --git a/bus/containers.c b/bus/containers.c
index 8189711a..ffb5d4b2 100644
--- a/bus/containers.c
+++ b/bus/containers.c
@@ -722,6 +722,7 @@ bus_containers_handle_stop_container_instance (DBusConnection *connection,
 BusContainerInstance *instance = NULL;
 DBusList *iter;
 const char *path;
+ unsigned long uid;
 if (!dbus_message_get_args (message, error, DBUS_TYPE_OBJECT_PATH, &path,
@@ -744,6 +745,21 @@ bus_containers_handle_stop_container_instance (DBusConnection *connection,
 goto failed;
 }
+ if (!dbus_connection_get_unix_user (connection, &uid))
+ {
+ dbus_set_error (error, DBUS_ERROR_FAILED,
+ "Unable to determine user ID of caller");
+ goto failed;
+ }
+
+ if (uid != instance->uid)
+ {
+ dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
+ "User %lu cannot stop a container server started by "
+ "user %lu", uid, instance->uid);
+ goto failed;
+ }
+
 bus_container_instance_ref (instance);
 bus_container_instance_stop_listening (instance);
@@ -774,6 +790,7 @@ bus_containers_handle_stop_container_listening (DBusConnection *connection,
 BusContainers *containers;
 BusContainerInstance *instance = NULL;
 const char *path;
+ unsigned long uid;
 if (!dbus_message_get_args (message, error, DBUS_TYPE_OBJECT_PATH, &path,
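Review bot: The ownership check added at `@@ -744,6 +745,21 @@` in bus_containers_handle_stop_container_instance is pasted verbatim into bus_containers_handle_stop_container_listening at `@@ -796,6 +813,21 @@`, so the two copies of this authorization rule can drift apart when only one is edited later. A static helper taking `connection`, `instance` and `error`, called as `if (!bus_containers_check_caller_owns_instance (connection, instance, error)) goto failed;` (the name is only a suggestion), would keep a single definition and make the `unsigned long uid;` locals added in the two declaration hunks unnecessary. The ACCESS_DENIED text also reports `instance->uid` to the caller that was just refused, and the check appears to run after the instance lookup, so a refused caller may learn both that the path exists and which user owns it; a message that omits the owner would avoid that. Both handlers start and end outside these hunks, so the lookup order and whether `instance->uid` really is an `unsigned long` matching `%lu` should be confirmed in the full file.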
@@ -796,6 +813,21 @@ bus_containers_handle_stop_container_listening (DBusConnection *connection,
 goto failed;
 }
+ if (!dbus_connection_get_unix_user (connection, &uid))
+ {
+ dbus_set_error (error, DBUS_ERROR_FAILED,
+ "Unable to determine user ID of caller");
+ goto failed;
+ }
+
+ if (uid != instance->uid)
+ {
+ dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
+ "User %lu cannot stop a container server started by "
+ "user %lu", uid, instance->uid);
+ goto failed;
+ }
+
 bus_container_instance_ref (instance);
 bus_container_instance_stop_listening (instance);
 bus_container_instance_unref (instance);
-- 
2.11.0