From 4f06ae603e268f237d439afe3f3e7e662a0c2727 Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Fri, 22 Apr 2016 11:36:26 +0200 Subject: auth: allow failures to read process start_time from /proc/$PID/stat with hidepid When mounting /proc with hidepid, we might fail to read the start-time of the process from /proc/$PID/stat. In this case, we should just accept a start-time of zero. On the other side of authentication, polkit should accept a zero start-time too. nm_utils_get_start_time_for_pid() has other uses in NetworkManager, mostly when killing a process from a PIDFILE or during nm_utils_kill_process_sync(). In both these cases, this will only succeed if we try to kill a process that also runs a root. For processes started by the current instance, we don't care about the PIDFILE and use nm_utils_kill_child_?sync() -- so there is no problem with hidepid there. https://bugzilla.gnome.org/show_bug.cgi?id=764502 (cherry picked from commit 3d505b3f87c9cb9bfdc9b9a1fc67f57330701d03) diff --git a/src/nm-auth-subject.c b/src/nm-auth-subject.c index 494d52d..86b873f 100644 --- a/src/nm-auth-subject.c +++ b/src/nm-auth-subject.c @@ -360,9 +360,18 @@ constructed (GObject *object) priv->unix_process.start_time = nm_utils_get_start_time_for_pid (priv->unix_process.pid, NULL, NULL); if (!priv->unix_process.start_time) { - /* could not detect the process start time. The subject is invalid, but don't - * assert against it. */ - _clear_private (priv); + /* Is the process already gone? Then fail creation of the auth subject + * by clearing the type. */ + if (kill (priv->unix_process.pid, 0) != 0) + _clear_private (priv); + + /* Otherwise, although we didn't detect a start_time, the process is still around. + * That could be due to procfs mounted with hidepid. So just accept the request. + * + * Polkit on the other side, will accept 0 and try to lookup /proc/$PID/stat + * itself (and if it fails to do so, assume a start-time of 0 and proceed). + * The only combination that would fail here, is when NM is able to read the + * start-time, but polkit is not. */ } return; default: -- cgit v0.10.2