Zbigniew Jędrzejewski-Szmek fc0bb7ccc7 logind: make ReleaseSession "unprivileged" and allow closing of own session
Fixes https://github.com/systemd/systemd/issues/28514.

Quoting https://github.com/systemd/systemd/issues/28514#issuecomment-1831781486:
> Whenever PAM is enabled for a service, we set up the PAM session and then
> fork off a process whose only job is to eventually close the PAM session when
> the service dies. That service we run with service privileges, both to
> minimize attack surface and because we want to use PR_SET_DEATHSIG to get
> a notification via signal whenever the main process dies. But that only works
> if we have the same credentials as that main process.
>
> Now, if pam_systemd runs inside the PAM stack (which it normally does) its
> session close hook will ask logind to synchronously end the session via a bus
> call. Currently that call is not accessible to unprivileged clients. And
> that's the part we need to relax: allow users to end their own sessions.

The check is implemented in a way that allows the kill if the sender is in
the target session.

I found 'sudo systemctl --user -M "zbyszek@" is-system-running' to
be a convenient reproducer.

Before:
May 16 16:25:26 x1c systemd[1]: run-u24754.service: Deactivated successfully.
May 16 16:25:26 x1c dbus-broker[1489]: A security policy denied :1.24757 to send method call /org/freedesktop/login1:org.freedesktop.login1.Manager.ReleaseSession to org.freedesktop.login1.
May 16 16:25:26 x1c (sd-pam)[3036470]: pam_systemd(login:session): Failed to release session: Access denied
May 16 16:25:26 x1c systemd[1]: Stopping session-114.scope...
May 16 16:25:26 x1c systemd[1]: session-114.scope: Deactivated successfully.
May 16 16:25:26 x1c systemd[1]: Stopped session-114.scope.
May 16 16:25:26 x1c systemd[1]: session-c151.scope: Deactivated successfully.
May 16 16:25:26 x1c systemd-logind[1513]: Session c151 logged out. Waiting for processes to exit.
May 16 16:25:26 x1c systemd-logind[1513]: Removed session c151.
After:
May 16 17:02:15 x1c systemd[1]: run-u24770.service: Deactivated successfully.
May 16 17:02:15 x1c systemd[1]: Stopping session-115.scope...
May 16 17:02:15 x1c systemd[1]: session-c153.scope: Deactivated successfully.
May 16 17:02:15 x1c systemd[1]: session-115.scope: Deactivated successfully.
May 16 17:02:15 x1c systemd[1]: Stopped session-115.scope.
May 16 17:02:15 x1c systemd-logind[1513]: Session c153 logged out. Waiting for processes to exit.
May 16 17:02:15 x1c systemd-logind[1513]: Removed session c153.

Edit: this seems to also fix https://github.com/systemd/systemd/issues/8598.
It seems that with the call to ReleaseSession, we wait for the PAM session
close hooks to finish. I inserted a 'sleep(10)' after the call to ReleaseSession
in pam_systemd, and things block on that; nothing is killed prematurely.
2024-05-20 20:59:15 +02:00
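The authorization rule the commit describes ("allow the release if the sender is in the target session, otherwise fall back to the privileged path"), as an added example in C that is not systemd's own code. It assumes the caller's session is recovered from a cgroup v2 path of the form user.slice/user-<uid>.slice/session-<id>.scope, and models the privileged fallback as a plain boolean; the sample cgroup lines are constructed.

```c
/* Added example, not systemd code: model of the "may the caller release
 * this session?" decision. The caller's session id is derived from its
 * cgroup path (session-<id>.scope, assumed layout); a match allows the
 * call unprivileged, anything else needs the privileged path (a bool here). */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define SESSION_ID_MAX 64

/* Extract "<id>" from a /proc/<pid>/cgroup line such as
 * "0::/user.slice/user-1000.slice/session-114.scope". Returns false when the
 * process is not inside any session scope (e.g. a system service). */
static bool session_from_cgroup(const char *cgroup_line, char *out, size_t out_len) {
        const char *p = strstr(cgroup_line, "/session-");
        if (!p)
                return false;
        p += strlen("/session-");
        const char *end = strstr(p, ".scope");
        if (!end || end == p)
                return false;
        /* ".scope" must directly follow the id within the same path component. */
        size_t n = (size_t)(end - p);
        if (memchr(p, '/', n) || n >= out_len)
                return false;
        memcpy(out, p, n);
        out[n] = '\0';
        return true;
}

/* The decision itself: an unprivileged caller may release only the session
 * it is in; everything else still requires the privileged path. */
static bool release_session_allowed(const char *caller_cgroup_line,
                                    const char *target_session,
                                    bool caller_is_privileged) {
        char own[SESSION_ID_MAX];
        if (session_from_cgroup(caller_cgroup_line, own, sizeof own) &&
            strcmp(own, target_session) == 0)
                return true;
        return caller_is_privileged;
}

int main(void) {
        /* Constructed sample input: the (sd-pam) child of session 114. */
        const char *pam_child = "0::/user.slice/user-1000.slice/session-114.scope";
        printf("own session:   %d\n", release_session_allowed(pam_child, "114", false));
        printf("other session: %d\n", release_session_allowed(pam_child, "c151", false));
        return 0;
}
```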
.clusterfuzzlite ci: unpin CFLite 2022-04-26 09:13:57 +00:00
.github Revert "CI: add manual workflow to publish pages to fix submodule issue" 2024-05-16 15:31:52 +01:00
.semaphore semaphore: use variable for Salsa repo URL 2024-05-20 13:14:50 +01:00
catalog catalog: update Polish translation 2024-04-30 18:09:56 +02:00
coccinelle introduce FOREACH_ELEMENT 2024-04-18 17:39:34 +02:00
docs Merge pull request #32784 from YHNdnzj/release-version 2024-05-15 20:25:59 +02:00
factory man: don't suggest using pam_unix.so's use_authtok switch 2024-01-17 23:59:05 +00:00
hwdb.d hwdb: Enable JP-IK LEAP W502's touchpad toggle key 2024-05-17 14:24:20 +09:00
LICENSES tree-wide: drop several remaining license headers 2024-04-08 10:14:50 +02:00
man logind: make ReleaseSession "unprivileged" and allow closing of own session 2024-05-20 20:59:15 +02:00
mime creds-util: add a concept of "user-scoped" credentials 2024-01-30 17:07:47 +01:00
mkosi.conf.d mkosi: Update fedora to latest 2024-05-14 20:44:39 +02:00
mkosi.images test: install more kernel modules for Fedora image 2024-05-20 18:38:45 +09:00
mkosi.profiles mkosi: Introduce particle profile 2024-04-30 10:46:18 +02:00
modprobe.d modprobe: set 'ifb numifbs=0' to avoid autocreating ifb0 2024-01-12 23:24:54 +00:00
network network: configure a tun host0 interface in a container 2024-05-16 14:37:28 +02:00
pkg mkosi: Update centos to latest 2024-05-16 13:33:21 +02:00
po po: Update translation files 2024-05-15 05:09:32 +09:00
presets mountfsd: add new systemd-mountfsd component 2024-04-06 16:08:24 +02:00
rules.d udev: permanent symlinks with USB revision for /dev/media* 2024-04-18 14:09:42 +02:00
shell-completion shell-completion: add systemd-vmspawn to meson.build 2024-05-18 09:38:53 +03:00
src logind: make ReleaseSession "unprivileged" and allow closing of own session 2024-05-20 20:59:15 +02:00
sysctl.d sysctl.d: Fix pid_max comment 2023-10-31 13:07:49 +01:00
sysusers.d sysusers: simplify meson config 2024-05-14 20:46:24 +02:00
test test: wait for partition device rather than the whole disk 2024-05-20 15:05:47 +02:00
tmpfiles.d ssh-generator: create privsep dir via tmpfiles.d/ if we are told to 2024-04-04 01:01:10 +09:00
tools meson: Set up git submodule update on post checkout as well 2024-05-05 14:49:21 +02:00
units units: add JobTimeoutAction= to exit.target and friends 2024-05-18 01:28:14 +09:00
xorg xorg/50-systemd-user: add a full license header 2021-10-01 14:45:00 +02:00
.clang-format Improve the formatting by adding AlignArrayOfStructures and setting it to Right(right justify) 2024-03-06 15:24:23 +01:00
.ctags editors: Prevent ctags from following symlinks 2019-02-15 11:01:20 -08:00
.dir-locals.el scripts: use 4 space indentation 2019-04-12 08:30:31 +02:00
.editorconfig editorconfig: add NEWS whitespace configuration 2023-10-26 22:41:03 +01:00
.gitattributes Mark all base64 files as generated 2023-08-16 12:49:45 +02:00
.gitignore Update to mkosi v19 2023-11-28 19:54:58 +01:00
.gitmodules Use .git suffix for all submodule urls 2024-03-25 13:27:12 +00:00
.mailmap mailmap: "reduce contributor count by 13" 2023-08-16 12:49:42 +02:00
.packit.yml Revert "packit: temporarily build systemd without BPF stuff" 2024-02-11 16:45:03 +01:00
.pylintrc Add .pylintrc to globally suppress warnings we don't really care about 2023-08-10 18:13:29 +02:00
.vimrc vimrc: explicitly set shiftwidth for the C file type 2023-09-18 13:11:45 +02:00
.ycm_extra_conf.py ycm: add doc string for all the functions in configuration file 2017-11-29 13:21:49 -07:00
LICENSE.GPL2
LICENSE.LGPL2.1
meson.build pidfd: properly detect if libc offers pidfd syscalls and make use of them then 2024-05-08 15:36:40 +02:00
meson.version Finalize for v256~rc2 2024-05-15 00:29:01 +01:00
meson_options.txt test: Add mkosi-based integration test runner 2024-04-18 16:26:38 +01:00
mkosi.conf mkosi: Mask mdmonitor and isc-dhcp-server services 2024-05-14 12:43:28 +02:00
NEWS Finalize for v256~rc2 2024-05-15 00:29:01 +01:00
README README: mention fq_codel 2024-02-22 19:14:31 +00:00
README.md README.md: link bug bounty program 2024-04-11 12:58:53 +02:00
TODO TODO: fix typo 2024-05-14 18:08:44 +09:00

Systemd

System and Service Manager


Details

Most documentation is available on systemd's web site.

Assorted, older, general information about systemd can be found in the systemd Wiki.

Information about build requirements is provided in the README file.

Consult our NEWS file for information about what's new in the most recent systemd versions.

Please see the Code Map for information about this repository's layout and content.

Please see the Hacking guide for information on how to hack on systemd and test your modifications.

Please see our Contribution Guidelines for more information about filing GitHub Issues and posting GitHub Pull Requests.

When preparing patches for systemd, please follow our Coding Style Guidelines.

If you are looking for support, please contact our mailing list, join our IRC channel #systemd on libera.chat or Matrix channel

Stable branches with backported patches are available in the stable repo.

We have a security bug bounty program sponsored by the Sovereign Tech Fund hosted on YesWeHack