dynamic-user: don't use a UID that currently owns IPC objects (#6962)
author Lennart Poettering <lennart@poettering.net>
Wed, 4 Oct 2017 19:40:01 +0000 (21:40 +0200)
committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Wed, 4 Oct 2017 19:40:01 +0000 (21:40 +0200)
commit 98e4fcec36ff683c0274e4c3631babbad2836e08
tree 31d343c542ef74dd29901e34cb59f5f79df0c202
parent 03d4358277f7056cb679113e8cea9d590f0ad5df
dynamic-user: don't use a UID that currently owns IPC objects (#6962)

This fixes a mostly theoretical potential security hole: if for some
reason we failed to remove IPC objects created for a dynamic user (maybe
because a MAC/SELinux erroneously prohibited), then we should not hand
out the same UID again until they are successfully removed.

With this commit we'll enumerate the IPC objects currently existing, and
step away from using a UID for the dynamic UID logic if there are any
matching it.
src/core/dynamic-user.c
src/shared/clean-ipc.c
src/shared/clean-ipc.h
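
The check the commit message describes, sketched for SysV IPC only as an added example (not the code from this commit or from systemd): it scans a table in the /proc/sysvipc/{shm,sem,msg} layout and reports whether a candidate UID still owns or created an object, locating the uid and cuid columns from the header because the three files order their columns differently. The function names, the sample table and the candidate UIDs are constructed for illustration; POSIX shared memory and message queues would need a separate scan.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
/* Constructed sample in the column layout of /proc/sysvipc/shm (not from a real host). */
static const char SAMPLE_SHM[] =
    "       key      shmid perms       size  cpid  lpid nattch   uid   gid  cuid  cgid      atime      dtime      ctime        rss       swap\n"
    "         0          3   600     524288  1201  1340      2  1000  1000  1000  1000 1507145000 1507145010 1507144990     524288          0\n"
    "         0          7   600       4096  2210  2210      0 61184 61184 61184 61184 1507145100 1507145120 1507145100       4096          0\n";

/* Return the next whitespace-separated field on the current line, or NULL at end of line. */
static const char *next_field(const char **p, size_t *len) {
    *p += strspn(*p, " \t");
    if (**p == '\0' || **p == '\n')
        return NULL;
    const char *start = *p;
    *len = strcspn(*p, " \t\n");
    *p += *len;
    return start;
}

/* 0-based position of column `name` in the header line, or -1 if absent. */
static int column_index(const char *header, const char *name) {
    size_t len; const char *f;
    for (int i = 0; (f = next_field(&header, &len)); i++)
        if (len == strlen(name) && strncmp(f, name, len) == 0)
            return i;
    return -1;
}

/* 1: uid owns or created an object; 0: no match; -1: unparsable (treat as "do not reuse"). */
int uid_owns_sysvipc(const char *table, uid_t uid) {
    int ucol = column_index(table, "uid"), ccol = column_index(table, "cuid");
    if (ucol < 0 || ccol < 0)
        return -1;
    const char *p = strchr(table, '\n'), *f;
    size_t len;
    while (p && *++p) {                 /* p now points at the start of a data row */
        for (int i = 0; (f = next_field(&p, &len)); i++)
            if ((i == ucol || i == ccol) && strtoul(f, NULL, 10) == (unsigned long) uid)
                return 1;
        p = strchr(p, '\n');
    }
    return 0;
}

int main(void) {
    for (uid_t uid = 61184; uid <= 61185; uid++)  /* hypothetical candidate UIDs */
        printf("uid %u: %s\n", (unsigned) uid, uid_owns_sysvipc(SAMPLE_SHM, uid) ? "skip" : "free");
    return 0;
}
```

A result of -1 is handled like a match in `main`, so a table that cannot be parsed never causes a UID to be handed out.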