From 28fc54e352de549e5574cd41d890ec3151c5157b Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@debian.org>
Date: Fri, 7 Oct 2016 21:25:08 +0100
Subject: [PATCH] bus_driver_handle_message: reject ActivationFailure if
 unprivileged

Specifically, this will allow ActivationFailure messages from our
own uid or from root, but reject them otherwise, even if the bus
configuration for who can own org.freedesktop.systemd1 is entirely
wrong due to something like CVE-2014-8148.

Signed-off-by: Simon McVittie <smcv@debian.org>
Reviewed-by: Colin Walters <walters@verbum.org>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=98157
---
 bus/driver.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/bus/driver.c b/bus/driver.c
index 01fd340..660f04d 100644
--- a/bus/driver.c
+++ b/bus/driver.c
@@ -2616,6 +2616,15 @@ bus_driver_handle_message (DBusConnection *connection,
       BusContext *context;
       DBusConnection *systemd;
 
+      /* This is a directed signal, not a method call, so the log message
+       * is a little weird (it talks about "calling" ActivationFailure),
+       * but it's close enough */
+      if (!bus_driver_check_caller_is_privileged (connection,
+                                                  transaction,
+                                                  message,
+                                                  error))
+        return FALSE;
+
       context = bus_connection_get_context (connection);
       systemd = bus_driver_get_owner_of_name (connection,
           "org.freedesktop.systemd1");
-- 
2.7.4