[system-tools-backends-clone] Improve security check in SelfConfig handling

From: Milan Bouchet-Valat <milanbv src gnome org>
To: svn-commits-list gnome org
Cc:
Subject: [system-tools-backends-clone] Improve security check in SelfConfig handling
Date: Sun, 17 Jan 2010 21:11:41 +0000 (UTC)

commit 5dffdef3746437ce1d00f982649dc0607a3418d1
Author: Milan Bouchet-Valat <nalimilan club fr>
Date:   Sat Jan 16 18:31:38 2010 +0100

    Improve security check in SelfConfig handling
    
    Never allow an UID of 0 to pass, in case of strange failure. Use gulong for UID since it's what D-Bus uses.

 dispatcher/dispatcher.c |    7 ++++---
 1 files changed, 4 insertions(+), 3 deletions(-)
---
diff --git a/dispatcher/dispatcher.c b/dispatcher/dispatcher.c
index 62ba9b6..15b8eb9 100644
--- a/dispatcher/dispatcher.c
+++ b/dispatcher/dispatcher.c
@@ -509,12 +509,13 @@ dispatch_self_config (StbDispatcher *dispatcher,
 
   priv = dispatcher->_priv;
   sender = dbus_message_get_sender (message);
-  uid = (uid_t) dbus_bus_get_unix_user (priv->connection, sender, NULL);
+  uid = dbus_bus_get_unix_user (priv->connection, sender, NULL);
 
-  g_return_if_fail (uid != -1);
+  /* Absolutely avoid UID 0 being allowed */
+  g_return_if_fail (uid > 0);
 
   if (dbus_message_get_args (message, NULL,
-                             DBUS_TYPE_UINT32, &message_uid,
+                             DBUS_TYPE_UINT32, &uid,
                              DBUS_TYPE_INVALID)
                              && message_uid == uid)
     {

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]