| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
This matches a corresponding change in GLib. See
glib/gutils.c:g_check_setuid().
Some programs attempt to use libdbus when setuid; notably the X.org
server is shipped in such a configuration. libdbus never had an
explicit policy about its use in setuid programs.
I'm not sure whether we should advertise such support. However, given
that there are real-world programs that do this currently, we can make
them safer with not too much effort.
Better to fix a problem caused by an interaction between two
components in *both* places if possible.
How to determine whether or not we're running in a privilege-escalated
path is operating system specific. Note that GTK+'s code to check
euid versus uid worked historically on Unix, more modern systems have
filesystem capabilities and SELinux domain transitions, neither of
which are captured by the uid comparison.
On Linux/glibc, the way this works is that the kernel sets an
AT_SECURE flag in the ELF auxiliary vector, and glibc looks for it on
startup. If found, then glibc sets a public-but-undocumented
__libc_enable_secure variable which we can use. Unfortunately, while
it *previously* worked to check this variable, a combination of newer
binutils and RPM break it:
http://www.openwall.com/lists/owl-dev/2012/08/14/1
So for now on Linux/glibc, we fall back to the historical Unix version
until we get glibc fixed.
On some BSD variants, there is a issetugid() function. On other Unix
variants, we fall back to what GTK+ has been doing.
Reported-by: Sebastian Krahmer <krahmer@suse.de>
Signed-off-by: Colin Walters <walters@verbum.org>
[backported to 1.2 -smcv]
|
|
|
|
|
|
compilation
|
|
|
|
|
|
|
|
|
|
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=19195
We were previously using -Wno-format because we didn't have
a #define for DBUS_INT64_MODIFIER, which was really lame because
it easily hid problems.
For now, just define it if we're on glibc; this is obviously
not strictly correct but it's safe, because the formatting
is only used in DBUS_VERBOSE mode, and in tools/dbus-monitor.
Ideally we get the the glib code relicensed.
|
|
|
|
|
|
By rough consensus, and to keep up with the cool kids.
Note to builders: you need to use V=1 to enable verbose mode.
|
|
|
|
|
|
(Commit message written by Colin Walters <walters@verbum.org>)
A current Fedora goal is to convert projects to libcap-ng which
more easily allows dropping Linux capabilities. For software
which also links to libdbus, it's problematic to link against
libcap as well.
Though really, libdbus should have never linked against libcap
in the first place, which is another thing this patch changes
by moving the libcap-using bits out of dbus/ and into bus/.
https://bugzilla.redhat.com/show_bug.cgi?id=518541
|
|
A variety of system components have migrated from legacy init into DBus
service activation. Many of these system components "daemonize", which
involves forking. The DBus activation system treated an exit as an
activation failure, assuming that the child process which grabbed the
DBus name didn't run first.
While we're in here, also differentiate in this code path between the
servicehelper (system) versus direct activation (session) paths. In
the session activation path our error message mentioned a helper
process which was confusing, since none was involved.
Based on a patch and debugging research from Ray Strode <rstrode@redhat.com>
|
|
Define POSIX_PTHREAD_SEMANTICS earlier so more things use it.
Signed-off-by: Colin Walters <walters@verbum.org>
|
|
|
|
Signed-off-by: Colin Walters <walters@verbum.org>
(cherry picked from commit 97c58ace430fb58cedfc1e5c83db9759063b6946)
|
|
Patch based on one from Keith Mok <ek9852@gmail.com>, some
followup work from Janne Karhunen <Janne.Karhunen@gmail.com>.
We don't want condition variable timeouts to be affected by the system clock.
Use the POSIX CLOCK_MONOTONIC if available.
(cherry picked from commit ae24bb35e2ee3ecde990f55852982b573754ec43)
|
|
This prevents it leaking into spawned child processes.
Signed-off-by: Colin Walters <walters@verbum.org>
(cherry picked from commit f4e15893e5be6da6c7642bb7ef9b14d5531afe41)
|
|
This prevents the flags from screwing up autoconf tests.
(cherry picked from commit 98bbe8c7941f2c643dc55b4e7329c0da57d2c7bc)
|
|
Include the right headers.
(cherry picked from commit fe86222d10f0b2532be314a58841db82b1f5887e)
|
|
* configure.in: only run AC_CACHE_CHECK if enable_abstract_sockets=auto
* configure.in: warn that, when cross-compiling, we're unable to detect
abstract sockets availability automatically
Signed-off-by: Thiago Macieira <thiago@kde.org>
|
|
Signed-off-by: Thiago Macieira <thiago@kde.org>
|
|
|
|
* AC_ARG_ENABLE(libaudit: use AS_HELP_STRING for aligned help messages
Signed-off-by: Thiago Macieira <thiago@kde.org>
(cherry picked from commit 660073925b03cad2f6e95ba9f25a81c2d9727185)
|
|
|
|
|
|
* configure.in: Tweak libxml/expat detection and handling.
|
|
Signed-off-by: Colin Walters <walters@verbum.org>
|
|
The AC_CANONICAL_TARGET macro and the $target_os variables are used for the
target of compilers and other code-generation tools, and should not be used
during cross-compile of generic software. Replace them with
AC_CANONICAL_HOST and $host_os instead, as they should have been from the
start.
For a breakdown of what host, build and target machines are, please see
http://blog.flameeyes.eu/s/canonical-target .
|
|
Important compiler warnings were being lost in the noise from warnings
we know about but aren't problems, and moreover made using -Werror
difficult. Now we expect *all* developers and testers to be using
-Werror.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* bus/driver.c: Add GetAdtAuditSessionData method
which returns audit data for a connection.
* configure.in: Detect ADT auditing support
* dbus/dbus-auth.c: Read ADT auditing creds.
* dbus/dbus-connection.c: Implement
dbus_connection_get_adt_audit_session_data.
* dbus/dbus-connection.h: Export it.
* dbus/dbus-credentials.c: Add support for
gathering adt_audit_data and retrieving it
via _dbus_credentials_get_adt_audit_data.
* dbus/dbus-credentials.h: Add
DBUS_CREDENTIAL_ADT_AUDIT_DATA_ID.
* dbus/dbus-protocol.h: New error
DBUS_ERROR_ADT_AUDIT_DATA_UNKNOWN.
* dbus/dbus-sysdeps.c: Support for reading
audit credentials via ADT API.
* dbus/dbus-transport.c: New function
_dbus_transport_get_adt_audit_session_data
to retrieve credentials.
* dbus/dbus-transport.h: Export it.
|
|
* test/data/valid-service-files/org.freedesktop.DBus.TestSuite.PrivServer.service.in:
New service file for PrivServer.
* configure.in: Generate it.
* test/name-test/Makefile.am: Build test-privserver and
test-privserver-client.
* test/name-test/test-privserver.c: Use DBusServer to
serve a private connection.
* test/name-test/test-privserver-client.c: Connect
via session bus and get address of private server,
exercise dbus_shutdown().
* test/name-test/run-test.sh: Run it.
|
|
|
|
|
|
* we are moving to the 1.2.x version scheme because re-licensing seems to be
blocked indefinitely
|
