Closed vmihalko closed 1 year ago
In GitLab by @bluca on Jan 19, 2023, 03:09
added 5 commits
polkit:master
In GitLab by @bluca on Jan 19, 2023, 03:09
marked this merge request as draft
In GitLab by @poettering on Jan 19, 2023, 17:43
Commented on src/polkitbackend/polkitbackendcommon.c line 556
i am pretty sure you want to use the existing gdbus connection, no?
In GitLab by @poettering on Jan 19, 2023, 17:47
Commented on src/polkit/polkitsystembusname.c line 394
this is a security issue. the pidfd might end up referring to an entirely different process than originally sent the message, because the pid got recycled.
it's a trivially exploitable security issue, to authenticate things via PID because of this. You'd need SCM_PIDFD to lock this down.
In GitLab by @poettering on Jan 19, 2023, 17:49
Commented on src/polkit/polkitsystembusname.c line 394
(it might be OK to validate that the pidfd after you got it to ensure it matches the sender's uid. if so, it's not too bad to allow this race to happen, since it will mean that the pid recycle security issue can only be exploited by the original user, which limits the attack surface a bit. but not sure how much that is worth in a world where userns mappings are commonplace. In particular as people might assume you actually authenticate by cgroup, but what you actually do is authenticate by the uid, just via some baroque way to reference it)
In GitLab by @bluca on Jan 19, 2023, 17:50
Commented on src/polkit/polkitsystembusname.c line 394
I know, there's a full set of things needed. This moves further along the way, and doesn't make anything worse than it already was. It's one piece of the puzzle
In GitLab by @bluca on Jan 20, 2023, 02:42
added 2 commits
In GitLab by @bluca on Jan 20, 2023, 17:56
Commented on src/polkitbackend/polkitbackendcommon.c line 556
sd-bus is so much nicer... - I leave that to @jrybar to decide whether he wants this to use gdbus or not
In GitLab by @bluca on Mar 22, 2023, 04:27
Commented on src/polkit/polkitsystembusname.c line 394
changed this line in version 4 of the diff
In GitLab by @bluca on Mar 22, 2023, 04:27
added 17 commits
polkit:master
In GitLab by @bluca on Mar 22, 2023, 13:53
Commented on src/polkit/polkitsystembusname.c line 394
This is now implemented depending on the new SO_PEERPIDFD https://lore.kernel.org/netdev/20230321183342.617114-1-aleksandr.mikhalitsyn@canonical.com/ and GetCredentials() https://gitlab.freedesktop.org/dbus/dbus/-/merge_requests/398
In GitLab by @bluca on Mar 22, 2023, 13:53
mentioned in merge request dbus/dbus!398
In GitLab by @bluca on Mar 25, 2023, 03:55
Commented on src/polkitbackend/polkitbackendcommon.c line 556
changed this line in version 5 of the diff
In GitLab by @bluca on Mar 25, 2023, 03:55
added 2 commits
In GitLab by @bluca on Mar 25, 2023, 03:55
Commented on src/polkitbackend/polkitbackendcommon.c line 556
switched to gdbus
In GitLab by @bluca on Mar 25, 2023, 03:55
resolved all threads
In GitLab by @bluca on Mar 25, 2023, 04:20
added 2 commits
In GitLab by @bluca on Mar 25, 2023, 04:25
added 1 commit
In GitLab by @bluca on Mar 25, 2023, 04:27
added 2 commits
In GitLab by @bluca on Mar 27, 2023, 24:56
added 2 commits
In GitLab by @bluca on Mar 27, 2023, 01:11
added 1 commit
In GitLab by @bluca on Mar 27, 2023, 01:14
added 2 commits
In GitLab by @bluca on Mar 27, 2023, 12:42
added 1 commit
In GitLab by @bluca on Apr 5, 2023, 24:30
added 4 commits
polkit:master
In GitLab by @bluca on Apr 5, 2023, 03:45
added 1 commit
In GitLab by @bluca on Apr 5, 2023, 13:00
added 1 commit
In GitLab by @bluca on Apr 5, 2023, 14:37
added 4 commits
polkit:master
In GitLab by @smcv on May 15, 2023, 21:25
Commented on src/polkit/polkitsystembusname.c line 513
(dbus hat on)
Please don't make authoritative statements like this about changes that haven't been merged. It's entirely possible that 1.15.6 will be released without this feature.
In GitLab by @bluca on May 15, 2023, 21:29
Commented on src/polkit/polkitsystembusname.c line 513
I did not intent to un-draft this until the corresponding dbus-daemon PR was merged. I'll update to a TODO instead.
In GitLab by @smcv on May 15, 2023, 22:19
Commented on src/polkit/polkitsystembusname.c line 513
1.15.TODO
would make sense :-)
In GitLab by @bluca on Aug 17, 2023, 16:00
resolved all threads
In GitLab by @bluca on Aug 17, 2023, 16:00
added 4 commits
polkit:master
In GitLab by @bluca on Aug 17, 2023, 16:01
marked this merge request as ready
In GitLab by @bluca on Aug 17, 2023, 16:01
Commented on src/polkit/polkitsystembusname.c line 513
changed this line in version 18 of the diff
In GitLab by @bluca on Aug 17, 2023, 16:01
added 21 commits
polkit:master
In GitLab by @bluca on Aug 17, 2023, 16:06
added 1 commit
In GitLab by @bluca on Aug 28, 2023, 18:34
@jrybar gentle ping :-) kernel 6.5 is out with the new API, so we can add this feature now. I've also split out the first commit, which is a bugfix, in a separate MR if that makes it easier to review: https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/189
In GitLab by @jrybar on Sep 1, 2023, 20:57
requested review from @jrybar
In GitLab by @bluca on Sep 8, 2023, 18:32
@jrybar thank you! I'll be doing a lighting talk about this workstream at All Systems Go next week in case you are interested: https://cfp.all-systems-go.io/all-systems-go-2023/talk/T3LJAM/
In GitLab by @jrybar on Sep 11, 2023, 12:29
Eager to watch, thanks! :smile:
BTW, I've just found out it somehow breaks polkit-pkla-compat on Fedora. I'll investigate it, but more likely just another nail in the coffin of the package (or making it a weak dependency at least).
In GitLab by @bluca on Jan 1, 2023, 16:27
_Merges check_unitpid -> master
When building with libsystemd support, query the systemd unit name that the process if part of (if any) and add it as a subject attribute. Allows allow-listing actions based on the systemd unit:
We call it system_unit instead of just unit to make it extra clear that this is about system units, rather than user units. If we ran as root we could also query for the user unit, but we are running as the polkitd user in most cases which means we cannot connect to other D-Bus sessions to perform the query.