[PATCH 5/9] kdbus: perform accounting on proxied uids

From: David Herrmann
Date: Thu Aug 06 2015 - 04:25:03 EST


If a connection proxies a uid, we should make sure to perform accounting
on that passed uid. Otherwise, limits will be shared across all proxied
users (or we'd require the proxy to run setuid() and thus require
CAP_SETUID).
However, this is only allowed if the proxy is privileged on the bus. That
is, it must have CAP_IPC_ADMIN on the domain and the passed uid must be
mapped in that domain.

Signed-off-by: David Herrmann <dh.herrmann@xxxxxxxxx>
---
ipc/kdbus/connection.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/ipc/kdbus/connection.c b/ipc/kdbus/connection.c
index 243cbc7..c81888e 100644
--- a/ipc/kdbus/connection.c
+++ b/ipc/kdbus/connection.c
@@ -237,11 +237,21 @@ static struct kdbus_conn *kdbus_conn_new(struct kdbus_ep *ep,
* Note that limits are always accounted against the real UID, not
* the effective UID (cred->user always points to the accounting of
* cred->uid, not cred->euid).
+ * In case the caller is privileged, we allow changing the accounting
+ * to the faked user.
*/
if (ep->user) {
conn->user = kdbus_user_ref(ep->user);
} else {
- conn->user = kdbus_user_lookup(ep->bus->domain, current_uid());
+ kuid_t uid;
+
+ if (conn->meta_fake && uid_valid(conn->meta_fake->uid) &&
+ conn->privileged)
+ uid = conn->meta_fake->uid;
+ else
+ uid = conn->cred->uid;
+
+ conn->user = kdbus_user_lookup(ep->bus->domain, uid);
if (IS_ERR(conn->user)) {
ret = PTR_ERR(conn->user);
conn->user = NULL;
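Review bot: The new condition in the else branch tests only uid_valid(conn->meta_fake->uid) and conn->privileged, while the commit message requires CAP_IPC_ADMIN on the domain and that the passed uid be mapped in that domain. Nothing visible in this hunk shows how conn->privileged is derived or where the mapping is enforced, so the added comment should name the earlier check that guarantees both. The comment above it still says limits are "always accounted against the real UID", which the two added lines now contradict for the privileged case. Consider rewording it so the rule and its exception read as one statement. The fallback also changes from current_uid() to conn->cred->uid without a mention in the commit message. If the two are equivalent at this point, a short note saying so would help. Finally, when meta_fake carries a valid uid but the connection is not privileged, accounting silently falls back to conn->cred->uid. It is worth stating in the comment whether that case is rejected before this point or is intended to proceed.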
--
2.5.0
