#3801 NORM Update.: Rainbow, Sugar, and the Datastore need to integrate to isolate Activities from the Datastore

Zarro Boogs per Child bugtracker at laptop.org
Tue Nov 6 06:36:05 EST 2007


#3801: Rainbow, Sugar, and the Datastore need to integrate to isolate Activities
from the Datastore
-----------------------+----------------------------------------------------
  Reporter:  mstone    |       Owner:  mstone                                        
      Type:  defect    |      Status:  new                                           
  Priority:  normal    |   Milestone:  Update.1                                      
 Component:  security  |     Version:                                                
Resolution:            |    Keywords:  security-integration, security, rainbow, sugar
  Verified:  0         |  
-----------------------+----------------------------------------------------

Comment(by tomeu):

 Simon explained how to get the uid from the caller:

 {{{
 Nov 05 18:55:34 <tomeu> smcv: any way to get the uid of the process that called a dbus method?
 Nov 05 18:55:42 <smcv> tomeu: sort
 Nov 05 18:55:45 <smcv> *sort of
 Nov 05 18:55:51 <smcv> the dbus-daemon knows
 Nov 05 18:56:19 <smcv> (part 1) get the unique-name of the sender, via sender_keyword='sender' in the service's method implementation
 Nov 05 18:56:52 <smcv> (part 2) call a method whose name I forget, passing in the unique-name, to get the bus daemon to tell you the associated uid
 Nov 05 18:57:50 <m_stone> (part 3): look up the gid that you want in /etc/passwd.
 Nov 05 18:57:53 <smcv> the method I mentioned is GetConnectionUnixUser() on the dbus-daemon object
 Nov 05 18:58:09 <smcv> there is a Python wrapper on dbus.Bus
 Nov 05 18:59:05 <smcv> dbus.Bus().get_unix_user(':1.8') should return the uid of the process whose unique name is ':1.8'
 Nov 05 18:59:25 <smcv> however, get_unix_user() is a blocking call
 Nov 05 18:59:37 <smcv> if you want to call it non-blocking, just call the method yourself
 Nov 05 19:00:09 <smcv> which would be e.g. dbus.Bus().call_async(BUS_DAEMON_NAME, BUS_DAEMON_PATH, BUS_DAEMON_IFACE, 'GetConnectionUnixUser', 's', (bus_name,), ...)

 and later,

 <smcv> if you're dealing with suid processes you should be aware that what's validated is the (euid? fsuid?) that was current at the time the connection was opened
 }}}

-- 
Ticket URL: <http://dev.laptop.org/ticket/3801#comment:6>
One Laptop Per Child <http://dev.laptop.org>
OLPC bug tracking system
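
The steps from the IRC log above, as an added example that is not part of the original ticket or of any OLPC code: a dbus-python service method receives the caller's unique name through `sender_keyword` and a uid check decides whether to serve the request. `OwnerCheck`, `make_service`, the interface name, the object path and the per-entry owner map are hypothetical names chosen for illustration.

```python
# Added example; interface, object path and class names are hypothetical.
IFACE = "org.example.Datastore"


class OwnerCheck:
    """Decide whether a D-Bus caller may read an entry, keyed on its Unix uid."""

    def __init__(self, resolve_uid, owners):
        self._resolve_uid = resolve_uid  # callable: unique name -> uid
        self._owners = owners            # entry id -> owning uid

    def authorize(self, sender, entry_id):
        # Only unique names (":1.8") identify one connection; well-known
        # names can change owner, so refuse them and a missing sender.
        if not sender or not sender.startswith(":"):
            return False
        try:
            # With bus.get_unix_user this is a blocking round trip to the
            # bus daemon; the uid is the one recorded when the caller's
            # connection was opened, which matters for suid callers.
            uid = int(self._resolve_uid(sender))
        except Exception:
            # Caller disconnected or the lookup failed: fail closed.
            return False
        owner = self._owners.get(entry_id)
        return owner is not None and owner == uid


def make_service(bus, check, entries):
    """Export the object on `bus`; build check as OwnerCheck(bus.get_unix_user, owners)."""
    import dbus.service  # imported lazily so OwnerCheck works without dbus-python

    class Datastore(dbus.service.Object):
        # sender_keyword makes dbus-python pass the caller's unique name.
        @dbus.service.method(IFACE, in_signature="s", out_signature="s",
                             sender_keyword="sender")
        def Read(self, entry_id, sender=None):
            if not check.authorize(sender, str(entry_id)):
                raise dbus.exceptions.DBusException(
                    "caller uid does not own this entry",
                    name=IFACE + ".AccessDenied")
            return entries[str(entry_id)]

    return Datastore(bus, "/org/example/Datastore")
```
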


