
Commit b64999a

author
electricface
committed
fix(device): checkAuthorization is not secure
fix(locale-helper): the same problem https://bugzilla.suse.com/show_bug.cgi?id=1070943
1 parent ecf9d78 commit b64999a

2 files changed

Lines changed: 7 additions & 17 deletions


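--- a/device/device.go
+++ b/device/device.go
@@ -83,12 +83,7 @@ func (d *Device) UnblockBluetoothDevices(sender dbus.Sender) *dbus.Error {
 }
 
 func (d *Device) unblockBluetoothDevices(sender dbus.Sender) error {
-pid, err := d.service.GetConnPID(string(sender))
-if err != nil {
-return err
-}
-
-ok, err := checkAuthorization(unblockBluetoothDevicesActionId, pid)
+ok, err := checkAuthorization(unblockBluetoothDevicesActionId, string(sender))
 if err != nil {
 return err
 }
@@ -99,15 +94,15 @@ func (d *Device) unblockBluetoothDevices(sender dbus.Sender) error {
 return exec.Command(rfkillBin, "unblock", rfkillDeviceTypeBluetooth).Run()
 }
 
-func checkAuthorization(actionId string, pid uint32) (bool, error) {
+func checkAuthorization(actionId string, sysBusName string) (bool, error) {
 systemBus, err := dbus.SystemBus()
 if err != nil {
 return false, err
 }
 authority := polkit.NewAuthority(systemBus)
-var subject = polkit.MakeSubject(polkit.SubjectKindUnixProcess)
-subject.SetDetail("pid", pid)
-subject.SetDetail("start-time", uint64(0))
+subject := polkit.MakeSubject(polkit.SubjectKindSystemBusName)
+subject.SetDetail("name", sysBusName)
+
 ret, err := authority.CheckAuthorization(0, subject, actionId,
 nil, polkit.CheckAuthorizationFlagsAllowUserInteraction, "")
 if err != nil {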
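Review bot: `checkAuthorization` now receives the caller identity as a bare `string` (`sysBusName`), so the signature no longer shows that the value has to be the sender the bus attached to the incoming message rather than any name a caller picks. Keeping the typed value and converting inside the function preserves that signal: `func checkAuthorization(actionId string, sender dbus.Sender) (bool, error)` with `subject.SetDetail("name", string(sender))`. A doc comment would also record why the subject kind matters, e.g. `// checkAuthorization asks polkit whether the peer owning this system-bus name may perform actionId; do not identify the peer by pid.` The function body continues past the end of the hunk, so the handling of `ret` is not covered by this note.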

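--- a/locale-helper/ifc.go
+++ b/locale-helper/ifc.go
@@ -138,15 +138,10 @@ func enableLocaleInFile(locale, file string) error {
 }
 
 func (h *Helper) checkAuth(sender dbus.Sender) (bool, error) {
-pid, err := h.service.GetConnPID(string(sender))
-if err != nil {
-return false, err
-}
 systemBus := h.service.Conn()
 authority := polkit.NewAuthority(systemBus)
-subject := polkit.MakeSubject(polkit.SubjectKindUnixProcess)
-subject.SetDetail("pid", pid)
-subject.SetDetail("start-time", uint64(0))
+subject := polkit.MakeSubject(polkit.SubjectKindSystemBusName)
+subject.SetDetail("name", string(sender))
 result, err := authority.CheckAuthorization(0, subject, polkitManageLocale,
 nil,
 polkit.CheckAuthorizationFlagsAllowUserInteraction, "")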
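Review bot: `checkAuth` repeats the subject construction that `checkAuthorization` in device/device.go performs, and this commit had to correct the same flaw in both copies. One shared helper taking the connection, the `dbus.Sender` and the action id would let the next fix land once. Any other helper in the repository that still builds a `polkit.SubjectKindUnixProcess` subject would need the same change, which this page does not show. Until the code is shared, a comment on the subject lines would record the reason, e.g. `// identify the caller by its bus name; polkit resolves the credentials itself`. The body of `checkAuth` continues after the hunk.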
