chiark
/
gitweb
/
~ianmdlvl
/
elogind.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
| inline |
side by side
sd-bus: when augmenting creds, remember which ones were augmented
[elogind.git]
/
src
/
libelogind
/
sd-bus
/
bus-util.c
diff --git
a/src/libelogind/sd-bus/bus-util.c
b/src/libelogind/sd-bus/bus-util.c
index 5bd7885e49cfe8d5fe61fb7d2d719b22a31e7ca4..a84d3381cbe91652516830ac06e9127fac223ad7 100644
(file)
--- a/
src/libelogind/sd-bus/bus-util.c
+++ b/
src/libelogind/sd-bus/bus-util.c
@@
-206,6
+206,9
@@
static int check_good_user(sd_bus_message *m, uid_t good_user) {
if (r < 0)
return r;
+ /* Don't trust augmented credentials for authorization */
+ assert_return((sd_bus_creds_get_augmented_mask(creds) & SD_BUS_CREDS_EUID) == 0, -EPERM);
+
r = sd_bus_creds_get_euid(creds, &sender_uid);
if (r < 0)
return r;