Make uid 0 immune to pending_fd_timeout limit
author Simon McVittie <simon.mcvittie@collabora.co.uk>
Fri, 11 Nov 2016 16:40:44 +0000 (16:40 +0000)
committer Simon McVittie <simon.mcvittie@collabora.co.uk>
Fri, 11 Nov 2016 16:40:44 +0000 (16:40 +0000)
commit d5fae1db789d741295ca4746b84915d4bec591fd
tree 0bfec6bf11c2392112a7359fa07233c85568d416
parent 259d2bcf593b455685cbd097021a758991c02580
Make uid 0 immune to pending_fd_timeout limit

This is a workaround for
<https://bugs.freedesktop.org/show_bug.cgi?id=95263>. If a service
sends a file descriptor sufficiently frequently that its queue of
messages never goes down to 0 fds pending, then it will eventually be
disconnected. logind is one such service.

We do not currently have a good solution for this: the proposed
patches either don't work, or reintroduce a denial of service
security vulnerability (CVE-2014-3637). Neither seems desirable.
However, we can avoid the worst symptoms by trusting uid 0 not to be
malicious.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=95263
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1591411
Reviewed-by: Łukasz Zemczak
Tested-by: Ivan Kozik
Tested-by: Finn Herpich
Tested-by: autostatic
Tested-by: Ben Parafina
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
bus/connection.c
test/dbus-daemon.c