1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
|
From 4f06ae603e268f237d439afe3f3e7e662a0c2727 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Fri, 22 Apr 2016 11:36:26 +0200
Subject: auth: allow failures to read process start_time from /proc/$PID/stat
with hidepid
When mounting /proc with hidepid, we might fail to read the
start-time of the process from /proc/$PID/stat. In this case,
we should just accept a start-time of zero.
On the other side of authentication, polkit should accept a zero
start-time too.
nm_utils_get_start_time_for_pid() has other uses in NetworkManager,
mostly when killing a process from a PIDFILE or during
nm_utils_kill_process_sync(). In both these cases, this will only
succeed if we try to kill a process that also runs a root.
For processes started by the current instance, we don't care about the
PIDFILE and use nm_utils_kill_child_?sync() -- so there is no problem
with hidepid there.
https://bugzilla.gnome.org/show_bug.cgi?id=764502
(cherry picked from commit 3d505b3f87c9cb9bfdc9b9a1fc67f57330701d03)
diff --git a/src/nm-auth-subject.c b/src/nm-auth-subject.c
index 494d52d..86b873f 100644
--- a/src/nm-auth-subject.c
+++ b/src/nm-auth-subject.c
@@ -360,9 +360,18 @@ constructed (GObject *object)
priv->unix_process.start_time = nm_utils_get_start_time_for_pid (priv->unix_process.pid, NULL, NULL);
if (!priv->unix_process.start_time) {
- /* could not detect the process start time. The subject is invalid, but don't
- * assert against it. */
- _clear_private (priv);
+ /* Is the process already gone? Then fail creation of the auth subject
+ * by clearing the type. */
+ if (kill (priv->unix_process.pid, 0) != 0)
+ _clear_private (priv);
+
+ /* Otherwise, although we didn't detect a start_time, the process is still around.
+ * That could be due to procfs mounted with hidepid. So just accept the request.
+ *
+ * Polkit on the other side, will accept 0 and try to lookup /proc/$PID/stat
+ * itself (and if it fails to do so, assume a start-time of 0 and proceed).
+ * The only combination that would fail here, is when NM is able to read the
+ * start-time, but polkit is not. */
}
return;
default:
--
cgit v0.10.2
|