Allow uid of -1 for a PolkitUnixProcess

Commit 2cb40c4d5 changed PolkitUnixUser, PolkitUnixGroup, and
PolkitUnixProcess to allow negative values for their uid/gid properties,
since these are values above INT_MAX which wrap around but are still
valid, with the exception of -1 which is not valid. However,
PolkitUnixProcess allows a uid of -1 to be passed to
polkit_unix_process_new_for_owner() which means polkit is expected to
figure out the uid on its own (this happens in the _constructed
function). So this commit removes the check in
polkit_unix_process_set_property() so that new_for_owner() can be used
as documented without producing a critical error message.

This does not affect the protection against CVE-2018-19788 which is
based on creating a user with a UID up to but not including 4294967295
(-1).

1 files changed, 2 insertions, 7 deletions

diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c
index 78d7251..289a82e 100644
--- a/src/polkit/polkitunixprocess.c
+++ b/src/polkit/polkitunixprocess.c
@@ -228,14 +228,9 @@ polkit_unix_process_set_property (GObject      *object,
       polkit_unix_process_set_pid (unix_process, g_value_get_int (value));
       break;
 
-    case PROP_UID: {
-      gint val;
-
-      val = g_value_get_int (value);
-      g_return_if_fail (val != -1);
-      polkit_unix_process_set_uid (unix_process, val);
+    case PROP_UID:
+      polkit_unix_process_set_uid (unix_process, g_value_get_int (value));
       break;
-    }
 
     case PROP_START_TIME:
       polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value));