aboutsummaryrefslogtreecommitdiffstats
path: root/community/gvfs/CVE-2019-12795.patch
blob: 8d22342424cde7aadfb4765982041b4756aacf6b (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
From e3808a1b4042761055b1d975333a8243d67b8bfe Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Wed, 5 Jun 2019 13:33:38 +0100
Subject: [PATCH] gvfsdaemon: Check that the connecting client is the same user

Otherwise, an attacker who learns the abstract socket address from
netstat(8) or similar could connect to it and issue D-Bus method
calls.

Signed-off-by: Simon McVittie <smcv@collabora.com>
---
 daemon/gvfsdaemon.c | 36 +++++++++++++++++++++++++++++++++++-
 1 file changed, 35 insertions(+), 1 deletion(-)

diff --git a/daemon/gvfsdaemon.c b/daemon/gvfsdaemon.c
index 406d4f8e..be148a7b 100644
--- a/daemon/gvfsdaemon.c
+++ b/daemon/gvfsdaemon.c
@@ -79,6 +79,7 @@ struct _GVfsDaemon
   
   gint mount_counter;
   
+  GDBusAuthObserver *auth_observer;
   GDBusConnection *conn;
   GVfsDBusDaemon *daemon_skeleton;
   GVfsDBusMountable *mountable_skeleton;
@@ -171,6 +172,8 @@ g_vfs_daemon_finalize (GObject *object)
     }
   if (daemon->conn != NULL)
     g_object_unref (daemon->conn);
+  if (daemon->auth_observer != NULL)
+    g_object_unref (daemon->auth_observer);
   
   g_hash_table_destroy (daemon->registered_paths);
   g_hash_table_destroy (daemon->client_connections);
@@ -236,6 +239,35 @@ name_vanished_handler (GDBusConnection *connection,
   daemon->lost_main_daemon = TRUE;
 }
 
+/*
+ * Authentication observer signal handler that authorizes connections
+ * from the same uid as this process. This matches the behaviour of a
+ * libdbus DBusServer/DBusConnection when no DBusAllowUnixUserFunction
+ * has been set, but is not the default in GDBus.
+ */
+static gboolean
+authorize_authenticated_peer_cb (GDBusAuthObserver *observer,
+                                 G_GNUC_UNUSED GIOStream *stream,
+                                 GCredentials *credentials,
+                                 G_GNUC_UNUSED gpointer user_data)
+{
+  gboolean authorized = FALSE;
+
+  if (credentials != NULL)
+    {
+      GCredentials *own_credentials;
+
+      own_credentials = g_credentials_new ();
+
+      if (g_credentials_is_same_user (credentials, own_credentials, NULL))
+        authorized = TRUE;
+
+      g_object_unref (own_credentials);
+    }
+
+  return authorized;
+}
+
 static void
 g_vfs_daemon_init (GVfsDaemon *daemon)
 {
@@ -265,6 +297,8 @@ g_vfs_daemon_init (GVfsDaemon *daemon)
 
   daemon->conn = g_bus_get_sync (G_BUS_TYPE_SESSION, NULL, NULL);
   g_assert (daemon->conn != NULL);
+  daemon->auth_observer = g_dbus_auth_observer_new ();
+  g_signal_connect (daemon->auth_observer, "authorize-authenticated-peer", G_CALLBACK (authorize_authenticated_peer_cb), NULL);
 
   daemon->daemon_skeleton = gvfs_dbus_daemon_skeleton_new ();
   g_signal_connect (daemon->daemon_skeleton, "handle-get-connection", G_CALLBACK (handle_get_connection), daemon);
@@ -876,7 +910,7 @@ handle_get_connection (GVfsDBusDaemon *object,
   server = g_dbus_server_new_sync (address1,
                                    G_DBUS_SERVER_FLAGS_NONE,
                                    guid,
-                                   NULL, /* GDBusAuthObserver */
+                                   daemon->auth_observer,
                                    NULL, /* GCancellable */
                                    &error);
   g_free (guid);
-- 
2.21.0