path: root/hidepid.patch
blob: 439b98d505f045a87246060bf6ada1a2e70a61b6 (plain)
From 4f06ae603e268f237d439afe3f3e7e662a0c2727 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Fri, 22 Apr 2016 11:36:26 +0200
Subject: auth: allow failures to read process start_time from /proc/$PID/stat
 with hidepid

When mounting /proc with hidepid, we might fail to read the
start-time of the process from /proc/$PID/stat. In this case,
we should just accept a start-time of zero.

On the other side of authentication, polkit should accept a zero
start-time too.

nm_utils_get_start_time_for_pid() has other uses in NetworkManager,
mostly when killing a process from a PIDFILE or during
nm_utils_kill_process_sync(). In both these cases, this will only
succeed if we try to kill a process that also runs as root.

For processes started by the current instance, we don't care about the
PIDFILE and use nm_utils_kill_child_?sync() -- so there is no problem
with hidepid there.

https://bugzilla.gnome.org/show_bug.cgi?id=764502
(cherry picked from commit 3d505b3f87c9cb9bfdc9b9a1fc67f57330701d03)

diff --git a/src/nm-auth-subject.c b/src/nm-auth-subject.c
index 494d52d..86b873f 100644
--- a/src/nm-auth-subject.c
+++ b/src/nm-auth-subject.c
@@ -360,9 +360,18 @@ constructed (GObject *object)
 		priv->unix_process.start_time = nm_utils_get_start_time_for_pid (priv->unix_process.pid, NULL, NULL);
 
 		if (!priv->unix_process.start_time) {
-			/* could not detect the process start time. The subject is invalid, but don't
-			 * assert against it. */
-			_clear_private (priv);
+			/* Is the process already gone? Then fail creation of the auth subject
+			 * by clearing the type. */
+			if (kill (priv->unix_process.pid, 0) != 0)
+				_clear_private (priv);
+
+			/* Otherwise, although we didn't detect a start_time, the process is still around.
+			 * That could be due to procfs mounted with hidepid. So just accept the request.
+			 *
+			 * Polkit on the other side, will accept 0 and try to lookup /proc/$PID/stat
+			 * itself (and if it fails to do so, assume a start-time of 0 and proceed).
+			 * The only combination that would fail here, is when NM is able to read the
+			 * start-time, but polkit is not. */
 		}
 		return;
 	default:
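Review bot: the `kill (priv->unix_process.pid, 0) != 0` test in the new branch treats every failure as "process already gone", but kill() also fails with EPERM when the process exists and the caller is not allowed to signal it. Checking `errno == ESRCH` would clear the subject only when the PID really is absent. Separately, once a start_time of 0 is accepted the subject is identified by PID alone, and the liveness probe cannot distinguish the original requester from a process that has since reused that PID. The comment should state that the start-time check is being given up in the hidepid case, rather than only "just accept the request". A debug log line on this path would also help when diagnosing authorization results under hidepid.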
-- 
cgit v0.10.2