
Re: Why is su preserving the environment?



On Sat Jan 24 14:08, Josselin Mouette wrote:
> Le samedi 24 janvier 2009 à 10:05 +0000, Matthew Johnson a écrit :
> > Well, if they are using DBUS this should be fine. You cannot connect to
> > a session bus with a uid other than the one it is running as (including
> > root)
> 
> Clearly that’s not the case, since the original issue happens over
> D-Bus. In this case, not for authentication, but clearly the application
> launched as root can connect to the session bus.

Well, clearly something else is going on, because root can't connect to the
session bus here; this is on Lenny. I'm also part of DBus upstream and AFAIK
this part of the security policy has not changed:

 =0 [mjj29] $ dbus-launch --sh-syntax
DBUS_SESSION_BUS_ADDRESS='unix:abstract=/tmp/dbus-NcM9i9iZek,guid=c8396b814246d79f7bc863b6497b356d';
export DBUS_SESSION_BUS_ADDRESS;
DBUS_SESSION_BUS_PID=12888;
 =0 [mjj29] $ DBUS_SESSION_BUS_ADDRESS='unix:abstract=/tmp/dbus-NcM9i9iZek,guid=c8396b814246d79f7bc863b6497b356d';
 =0 [mjj29] $ export DBUS_SESSION_BUS_ADDRESS;
 =0 [mjj29] $ DBUS_SESSION_BUS_PID=12888;
 =0 [mjj29] $ dbus-monitor
signal sender=org.freedesktop.DBus -> dest=:1.0 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=NameAcquired
   string ":1.0"
method call sender=:1.0 -> dest=org.freedesktop.DBus path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=AddMatch
   string "type='method_call'"
method call sender=:1.0 -> dest=org.freedesktop.DBus path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=AddMatch
   string "type='method_return'"
method call sender=:1.0 -> dest=org.freedesktop.DBus path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=AddMatch
   string "type='error'"
^C
 =130 [mjj29] $ su
Password: 
qadesh:/home/mjj29# echo $DBUS_SESSION_BUS_ADDRESS 
unix:abstract=/tmp/dbus-NcM9i9iZek,guid=c8396b814246d79f7bc863b6497b356d
qadesh:/home/mjj29# dbus-monitor
Failed to open connection to session message bus: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
qadesh:/home/mjj29# 


-- 
Matthew Johnson
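
The rule described in the message above (a bus socket that refuses any uid other than its owner's, root included), sketched as an added example that is not part of the original post and is not D-Bus's own code. A Unix-socket server asks the kernel for the peer's uid via SO_PEERCRED (Linux only) rather than trusting anything the client inherited in its environment; the function names and the strict same-uid policy are assumptions for illustration.

```python
import os
import socket
import struct

# Layout of Linux's struct ucred: pid_t, uid_t, gid_t.
UCRED = struct.Struct("iII")


def peer_credentials(conn):
    """Return (pid, uid, gid) of the process at the other end of a Unix socket.

    The kernel fills these in, so a client cannot forge them by setting
    environment variables such as DBUS_SESSION_BUS_ADDRESS.
    """
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, UCRED.size)
    return UCRED.unpack(raw)


def same_uid_policy(peer_uid, owner_uid):
    """Hypothetical policy: only the owner's uid may connect.

    Root (uid 0) gets no exemption, matching the behaviour in the transcript.
    """
    return peer_uid == owner_uid


def accept_peer(conn, owner_uid):
    """Decide whether a connected peer may talk to a bus owned by owner_uid."""
    _pid, uid, _gid = peer_credentials(conn)
    return same_uid_policy(uid, owner_uid)


if __name__ == "__main__":
    # Constructed demo: a socketpair stands in for a client connecting to the bus.
    server_end, client_end = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    me = os.getuid()
    print("peer credentials (pid, uid, gid):", peer_credentials(server_end))
    print("bus owned by us, peer allowed:", accept_peer(server_end, me))
    # Pretend the bus belongs to another user, as it does after `su`:
    # the address in the environment is unchanged, but the uid check fails.
    print("bus owned by another uid, peer allowed:", accept_peer(server_end, me + 1))
    server_end.close()
    client_end.close()
```

A knowledge of the bus address alone therefore grants nothing under such a policy: the check is made on the connecting process's kernel-reported uid.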
