author | Lennart Poettering <lennart@poettering.net> | 2017-10-04 21:40:01 +0200 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2017-10-04 21:40:01 +0200 |
commit | 98e4fcec36ff683c0274e4c3631babbad2836e08 (patch) | |
tree | 31d343c542ef74dd29901e34cb59f5f79df0c202 /src/core/dynamic-user.c | |
parent | 03d4358277f7056cb679113e8cea9d590f0ad5df (diff) | |
download | systemd-98e4fcec36ff683c0274e4c3631babbad2836e08.tar.gz |
dynamic-user: don't use a UID that currently owns IPC objects (#6962)
This fixes a mostly theoretical potential security hole: if for some
reason we failed to remove IPC objects created for a dynamic user (maybe
because a MAC/SELinux policy erroneously prohibited it), then we should not hand
out the same UID again until they are successfully removed.
With this commit we'll enumerate the IPC objects currently existing, and
step away from using a UID for the dynamic UID logic if there are any
matching it.
Diffstat (limited to 'src/core/dynamic-user.c')
-rw-r--r-- | src/core/dynamic-user.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/core/dynamic-user.c b/src/core/dynamic-user.c
index 66e83a74b6..f1b5ee7ecb 100644
--- a/src/core/dynamic-user.c
+++ b/src/core/dynamic-user.c
@@ -21,6 +21,7 @@
 #include <pwd.h>
 #include <sys/file.h>
+#include "clean-ipc.h"
 #include "dynamic-user.h"
 #include "fd-util.h"
 #include "fileio.h"
@@ -294,7 +295,9 @@ static int pick_uid(char **suggested_paths, const char *name, uid_t *ret_uid) {
 }
 /* Some superficial check whether this UID/GID might already be taken by some static user */
- if (getpwuid(candidate) || getgrgid((gid_t) candidate)) {
+ if (getpwuid(candidate) ||
+ getgrgid((gid_t) candidate) ||
+ search_ipc(candidate, (gid_t) candidate) != 0) {
 (void) unlink(lock_path);
 continue;
 } |
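Review bot: The `search_ipc(candidate, (gid_t) candidate) != 0` test in the extended condition of the second hunk folds two outcomes into one, and the comment above it still speaks only of static users. If search_ipc() reports failures as negative values (its definition is not on this page, so this is inferred from the `!= 0` comparison), an enumeration error is handled exactly like a UID that still owns IPC objects. That is the safe direction for a UID-reuse check, but it is silent, and a persistent failure would reject every candidate until the surrounding loop in pick_uid(), which starts and ends outside the hunk, gives up. I would update the comment to `/* Superficial check whether this UID/GID might already be taken by some static user, or still owns IPC objects; a search_ipc() error counts as taken */` and consider a debug-level log for the negative case so that skipped UIDs can be diagnosed.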