Bug 27159 - polkitd crashes when calling pkcheck on a wrong PID
Summary: polkitd crashes when calling pkcheck on a wrong PID
Status: RESOLVED FIXED
Alias: None
Product: PolicyKit
Classification: Unclassified
Component: daemon (show other bugs)
Version: unspecified
Hardware: x86-64 (AMD64) Linux (All)
: medium major
Assignee: David Zeuthen (not reading bugmail)
QA Contact: David Zeuthen (not reading bugmail)
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-03-18 03:46 UTC by Milan Bouchet-Valat
Modified: 2010-10-21 00:47 UTC (History)
0 users

See Also:
i915 platform:
i915 features:

Attachments
git formatted patch (1.26 KB, patch)
2010-04-09 02:52 UTC, Martin Pitt 		Details | Splinter Review
View All

Description Milan Bouchet-Valat 2010-03-18 03:46:01 UTC 
If an unprivileged user runs something along the lines of:
$ pkcheck --allow-user-interaction --process 0 --action-id ACTION
with action requiring authentication (have not tested others), then polkitd crashes. This is kind of annoying...

Reported in Ubuntu 9.10 with PolicyKit 0.96.

#0  _egg_dbus_error_encode_gerror (error=0x24620b0) at eggdbuserror.c:135
	domain_as_string = (const gchar *) 0x0
	s = <value optimized out>
	n = <value optimized out>
	enum_type = <value optimized out>
#1  0x00007fb76001b7a1 in egg_dbus_method_invocation_return_gerror (
    method_invocation=0x24699c0, error=0x24620b0)
    at eggdbusmethodinvocation.c:342
	error_name = <value optimized out>
#2  0x00007fb760f37fd1 in check_auth_cb (source_object=<value optimized out>, 
    res=<value optimized out>, user_data=<value optimized out>)
    at polkitbackendauthority.c:875
	method_invocation = (EggDBusMethodInvocation *) 0x24699c0
	result = (PolkitAuthorizationResult *) 0x0
	error = (GError *) 0x24620b0
#3  0x00007fb760f3ae89 in polkit_backend_interactive_authority_check_authorization (authority=0x2463760, caller=0x2479300, subject=<value optimized out>, 
    action_id=<value optimized out>, details=<value optimized out>, 
    flags=<value optimized out>, cancellable=0x0, 
    callback=0x7fb760f37f00 <check_auth_cb>, user_data=0x24699c0)
    at polkitbackendinteractiveauthority.c:742
	priv = <value optimized out>
	caller_str = (gchar *) 0x2464af0 "system-bus-name::1.70"
	subject_str = (gchar *) 0x2464b10 "unix-process:2083:0"
	user_of_caller = (PolkitIdentity *) 0x2451740
	user_of_subject = (PolkitIdentity *) 0x0
	user_of_caller_str = (gchar *) 0x2475a80 "unix-user:pang"
	user_of_subject_str = (gchar *) 0x8 <Address 0x8 out of bounds>
	result = (PolkitAuthorizationResult *) 0xd8
	implicit_authorization = 1624055424
	error = (GError *) 0x2470c80
	simple = (GSimpleAsyncResult *) 0x2473120
	has_details = 216
	detail_keys = <value optimized out>
#4  0x00007fb760f3794b in authority_handle_check_authorization (
    instance=<value optimized out>, real_subject=<value optimized out>, 
    action_id=<value optimized out>, real_details=<value optimized out>, 
    flags=<value optimized out>, cancellation_id=<value optimized out>, 
    method_invocation=0x24699c0) at polkitbackendauthority.c:953
	caller_name = <value optimized out>
	subject = <value optimized out>
	caller = (PolkitSubject *) 0x2479300
	cancellable = (GCancellable *) 0x0
	details = (PolkitDetails *) 0x2461ae0
#5  0x00007fb760f48379 in handle_message (interface=0x2472ea0, 
    message=<value optimized out>) at _polkitauthority.c:2883
	__PRETTY_FUNCTION__ = "handle_message"
#6  0x00007fb7600134c8 in filter_function (dconnection=<value optimized out>, 
    message=0x245ccc0, user_data=<value optimized out>)
    at eggdbusconnection.c:2213
	ret = DBUS_HANDLER_RESULT_HANDLED
#7  0x00007fb75ee80386 in dbus_connection_dispatch (connection=0x245c7f0)
    at dbus-connection.c:4444
	filter = <value optimized out>
	next = (DBusList *) 0x0
	message = (DBusMessage *) 0x245ccc0
	link = <value optimized out>
	filter_list_copy = (DBusList *) 0x24722b0
	message_link = (DBusList *) 0x24722e0
	result = <value optimized out>
	status = <value optimized out>
	__FUNCTION__ = "dbus_connection_dispatch"
#8  0x00007fb75f0b8e45 in message_queue_dispatch (
    source=<value optimized out>, callback=<value optimized out>, 
    user_data=<value optimized out>) at dbus-gmain.c:101
	connection = (DBusConnection *) 0x245c7f0
#9  0x00007fb760a38432 in g_main_context_dispatch ()
   from /lib/libglib-2.0.so.0
No symbol table info available.
#10 0x00007fb760a3c2b8 in ?? () from /lib/libglib-2.0.so.0
No symbol table info available.
#11 0x00007fb760a3c7c5 in g_main_loop_run () from /lib/libglib-2.0.so.0
No symbol table info available.
#12 0x0000000000400a62 in main (argc=<value optimized out>, 
    argv=<value optimized out>) at main.c:59
	ret = 0
	error = (GError *) 0x0
	loop = <value optimized out>
	authority = (PolkitBackendAuthority *) 0x2463760
Comment 1 Martin Pitt 2010-04-09 02:52:29 UTC 
Created attachment 34841 [details] [review]
git formatted patch

Ah, we were freeing an error which we just propagated upwards to the caller. Now it's working correctly:

$ pkcheck --allow-user-interaction --process 0 --action-id  org.freedesktop.systemtoolsbackends.set
Error checking for authorization org.freedesktop.systemtoolsbackends.set: Remote Exception invoking org.freedesktop.PolicyKit1.Authority.CheckAuthorization() on /org/freedesktop/PolicyKit1/Authority at name org.freedesktop.PolicyKit1: org.freedesktop.PolicyKit1.Error.Failed: stat() failed for /proc/0: No such file or directory
Comment 2 Martin Pitt 2010-10-21 00:47:50 UTC 
This is fixed in current git head.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.