From 91eb2ea3362630190e08c1c777c47bae065ac828 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Mon, 26 Jan 2015 20:09:56 +0000 Subject: [PATCH 1/3] CVE-2015-0245: prevent forged ActivationFailure from non-root processes Without either this rule or better checking in dbus-daemon, non-systemd processes can make dbus-daemon think systemd failed to activate a system service, resulting in an error reply back to the requester. This is redundant with the fix in the C code (which I consider to be the real solution), but is likely to be easier to backport. --- bus/system.conf.in | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/bus/system.conf.in b/bus/system.conf.in index 92f4cc4..851b9e6 100644 --- a/bus/system.conf.in +++ b/bus/system.conf.in @@ -68,6 +68,14 @@ + + + + + +