Bug 98296 - systemd: tighten the service security a bit
Status: RESOLVED FIXED
Alias: None
Product: ModemManager
Classification: Unclassified
Component: general
Version: git master
Hardware: Other All
Importance: medium normal
Assignee: ModemManager bug user
Duplicates: 96725
Reported: 2016-10-17 16:31 UTC by Lubomir Rintel
Modified: 2016-10-24 11:19 UTC

Attachments
systemd: tighten the service security a bit (1.15 KB, patch)
2016-10-17 16:31 UTC, Lubomir Rintel

Description Lubomir Rintel 2016-10-17 16:31:11 UTC
Created attachment 127365
systemd: tighten the service security a bit

What's left enabled:
    
    * Access to /dev -- obviously
    * CAP_SYS_ADMIN -- this is needed by TIOCSSERIAL only. Too bad this also
      allows TIOCSTI, which allows for code injection unless something else
      (SELinux) disallows access to ttys with shells.
      Maybe kernel should use CAP_SYS_TTY_CONFIG for this.
    * socket(AF_NETLINK) -- udev & kernel device changes
    * socket(AF_UNIX) -- D-Bus
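
A check that a unit's `[Service]` section grants no more than the description above lists, added here as an example (it is not the attached patch and not ModemManager code). The sample units are constructed, `audit` and its finding strings are hypothetical names, and the parser keeps only the last assignment of a repeated directive, which simplifies systemd's list handling.

```python
import configparser

# What the bug description says stays enabled (values taken from the page).
ALLOWED_CAPS = {"CAP_SYS_ADMIN"}
ALLOWED_FAMILIES = {"AF_NETLINK", "AF_UNIX"}
TRUE_VALUES = {"1", "yes", "true", "on"}  # systemd boolean spellings

# Constructed [Service] fragments for illustration; not the attached patch.
HARDENED = """[Service]
CapabilityBoundingSet=CAP_SYS_ADMIN
RestrictAddressFamilies=AF_NETLINK AF_UNIX
"""
LOOSE = """[Service]
CapabilityBoundingSet=CAP_SYS_ADMIN CAP_NET_ADMIN
RestrictAddressFamilies=AF_NETLINK AF_UNIX AF_INET
PrivateDevices=true
"""


def _allow_list(service, key, allowed, findings):
    """Check that `key` is an allow-list containing nothing beyond `allowed`."""
    value = service.get(key)
    if value is None:
        findings.append(f"{key}: unset, nothing is restricted")
    elif value.strip().startswith("~"):
        findings.append(f"{key}: deny-list form, expected an allow-list")
    else:
        for item in sorted(set(value.split()) - allowed):
            findings.append(f"{key}: unexpected {item}")


def audit(unit_text):
    """Return findings for a unit whose [Service] exceeds the stated policy."""
    parser = configparser.ConfigParser(
        delimiters=("=",), strict=False, interpolation=None)
    parser.optionxform = str  # systemd directive names are case-sensitive
    parser.read_string(unit_text)
    service = parser["Service"] if parser.has_section("Service") else {}
    findings = []
    _allow_list(service, "CapabilityBoundingSet", ALLOWED_CAPS, findings)
    _allow_list(service, "RestrictAddressFamilies", ALLOWED_FAMILIES, findings)
    # /dev access must stay: PrivateDevices= replaces /dev with a minimal one.
    if service.get("PrivateDevices", "no").strip().lower() in TRUE_VALUES:
        findings.append("PrivateDevices: enabled, device nodes in /dev are hidden")
    return findings


if __name__ == "__main__":
    for name, text in (("hardened", HARDENED), ("loose", LOOSE)):
        print(name, audit(text) or "matches the stated policy")
```
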

Comment 1 Aleksander Morgado 2016-10-24 11:18:02 UTC
*** Bug 96725 has been marked as a duplicate of this bug. ***

Comment 2 Aleksander Morgado 2016-10-24 11:19:07 UTC
Pushed to git master, thanks!