X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Flibelogind%2Fsd-bus%2Fbus-util.c;h=a84d3381cbe91652516830ac06e9127fac223ad7;hp=5bd7885e49cfe8d5fe61fb7d2d719b22a31e7ca4;hb=5c338de6761aa3b3285a3f507f2517dd7dd3e9a6;hpb=3cabab2f099377b2e82a09c822a9f781a61b875b

diff --git a/src/libelogind/sd-bus/bus-util.c b/src/libelogind/sd-bus/bus-util.c
index 5bd7885e4..a84d3381c 100644
--- a/src/libelogind/sd-bus/bus-util.c
+++ b/src/libelogind/sd-bus/bus-util.c
@@ -206,6 +206,9 @@ static int check_good_user(sd_bus_message *m, uid_t good_user) {
         if (r < 0)
                 return r;
 
+        /* Don't trust augmented credentials for authorization */
+        assert_return((sd_bus_creds_get_augmented_mask(creds) & SD_BUS_CREDS_EUID) == 0, -EPERM);
+
         r = sd_bus_creds_get_euid(creds, &sender_uid);
         if (r < 0)
                 return r;