daandemeyer / rpms / systemd

Forked from rpms/systemd 2 years ago
Clone
Source Code
GIT

Blame SOURCES/0636-logind-validate-run-user-1000-before-we-set-it.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-atomic c7-atomic-beta c7-beta c7-sig-altarch-fasttrack c8 c8-beta c8s c8s-sig-hyperscale c9-beta c9s-sig-hyperscale drop-selinux extras extras-boot-time network-extras reduce-diff-rawhide v252-4.597.7-c8s v252-4.598.7-c8s
  1.   b12df029c309eef505a87dbc174359452bd6b6a2
  2.   SOURCES
  3.   0636-logind-validate-run-user-1000-before-we-set-it.patch
Blob History Raw
b12df0 
From c8b74ac5cf508c7bcec92d197880043af1d2bad7 Mon Sep 17 00:00:00 2001
b12df0 
From: Lennart Poettering <lennart@poettering.net>
b12df0 
Date: Tue, 9 Oct 2018 22:23:41 +0200
b12df0 
Subject: [PATCH] logind: validate /run/user/1000 before we set it
b12df0
b12df0 
Let's be safe than sorry, in particular as logind doesn't set it up
b12df0 
anymore, but user-runtime-dir@.service does, and logind doesn't really
b12df0 
track success of that.
b12df0
b12df0 
(cherry picked from commit b92171124819305985ed292cc472f6668a027425)
b12df0
b12df0 
Related: #1642460
b12df0 
---
b12df0 
 src/login/pam_systemd.c | 48 +++++++++++++++++++++++++++++++++++------
b12df0 
 1 file changed, 41 insertions(+), 7 deletions(-)
b12df0
b12df0 
diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c
b12df0 
index b2b62540bb..64e1b4d1bf 100644
b12df0 
--- a/src/login/pam_systemd.c
b12df0 
+++ b/src/login/pam_systemd.c
b12df0 
@@ -319,6 +319,36 @@ static int update_environment(pam_handle_t *handle, const char *key, const char
b12df0 
         return r;
b12df0 
 }
b12df0
b12df0 
+static bool validate_runtime_directory(pam_handle_t *handle, const char *path, uid_t uid) {
b12df0 
+        struct stat st;
b12df0 
+
b12df0 
+        assert(path);
b12df0 
+
b12df0 
+        /* Just some extra paranoia: let's not set $XDG_RUNTIME_DIR if the directory we'd set it to isn't actually set
b12df0 
+         * up properly for us. */
b12df0 
+
b12df0 
+        if (lstat(path, &st) < 0) {
b12df0 
+                pam_syslog(handle, LOG_ERR, "Failed to stat() runtime directory '%s': %s", path, strerror(errno));
b12df0 
+                goto fail;
b12df0 
+        }
b12df0 
+
b12df0 
+        if (!S_ISDIR(st.st_mode)) {
b12df0 
+                pam_syslog(handle, LOG_ERR, "Runtime directory '%s' is not actually a directory.", path);
b12df0 
+                goto fail;
b12df0 
+        }
b12df0 
+
b12df0 
+        if (st.st_uid != uid) {
b12df0 
+                pam_syslog(handle, LOG_ERR, "Runtime directory '%s' is not owned by UID " UID_FMT ", as it should.", path, uid);
b12df0 
+                goto fail;
b12df0 
+        }
b12df0 
+
b12df0 
+        return true;
b12df0 
+
b12df0 
+fail:
b12df0 
+        pam_syslog(handle, LOG_WARNING, "Not setting $XDG_RUNTIME_DIR, as the directory is not in order.");
b12df0 
+        return false;
b12df0 
+}
b12df0 
+
b12df0 
 _public_ PAM_EXTERN int pam_sm_open_session(
b12df0 
                 pam_handle_t *handle,
b12df0 
                 int flags,
b12df0 
@@ -377,10 +407,12 @@ _public_ PAM_EXTERN int pam_sm_open_session(
b12df0 
                 if (asprintf(&rt, "/run/user/"UID_FMT, pw->pw_uid) < 0)
b12df0 
                         return PAM_BUF_ERR;
b12df0
b12df0 
-                r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", rt, 0);
b12df0 
-                if (r != PAM_SUCCESS) {
b12df0 
-                        pam_syslog(handle, LOG_ERR, "Failed to set runtime dir.");
b12df0 
-                        return r;
b12df0 
+                if (validate_runtime_directory(handle, rt, pw->pw_uid)) {
b12df0 
+                        r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", rt, 0);
b12df0 
+                        if (r != PAM_SUCCESS) {
b12df0 
+                                pam_syslog(handle, LOG_ERR, "Failed to set runtime dir.");
b12df0 
+                                return r;
b12df0 
+                        }
b12df0 
                 }
b12df0
b12df0 
                 r = export_legacy_dbus_address(handle, pw->pw_uid, rt);
b12df0 
@@ -584,9 +616,11 @@ _public_ PAM_EXTERN int pam_sm_open_session(
b12df0 
                  * in privileged apps clobbering the runtime directory
b12df0 
                  * unnecessarily. */
b12df0
b12df0 
-                r = update_environment(handle, "XDG_RUNTIME_DIR", runtime_path);
b12df0 
-                if (r != PAM_SUCCESS)
b12df0 
-                        return r;
b12df0 
+                if (validate_runtime_directory(handle, runtime_path, pw->pw_uid)) {
b12df0 
+                        r = update_environment(handle, "XDG_RUNTIME_DIR", runtime_path);
b12df0 
+                        if (r != PAM_SUCCESS)
b12df0 
+                                return r;
b12df0 
+                }
b12df0
b12df0 
                 r = export_legacy_dbus_address(handle, pw->pw_uid, runtime_path);
b12df0 
                 if (r != PAM_SUCCESS)

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation