From b07a95b457a5e72bae525c4f3e707544cd8a99b3 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Mon, 26 Jan 2015 20:09:56 +0000 Subject: [PATCH] CVE-2015-0245: prevent forged ActivationFailure from non-root processes Without either this rule or better checking in dbus-daemon, non-systemd processes can make dbus-daemon think systemd failed to activate a system service, resulting in an error reply back to the requester. This is redundant with the fix in the C code (which I consider to be the real solution), but is likely to be easier to backport. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88811 Reviewed-by: Alban Crequy Reviewed-by: David King Reviewed-by: Philip Withnall --- bus/system.conf.in | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/bus/system.conf.in b/bus/system.conf.in index 92f4cc4..851b9e6 100644 --- a/bus/system.conf.in +++ b/bus/system.conf.in @@ -68,6 +68,14 @@ + + + + + +