From f712e5f6c7a77e92abed2f0d0740b9512d1fa4e2 Mon Sep 17 00:00:00 2001
From: Jonathan Rajotte
Date: Wed, 3 Mar 2021 15:45:11 -0500
Subject: [PATCH] Fix: notification: client with uid != trigger uid assert on gid check
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
The gid was removed from the trigger object since gid is not an exposed control measure anywhere in lttng except for the "tracing" group and lttng-sessiond to client communication. Also based on this: /* * As for privilieged users, they can register triggers against the objects of * other users. They can then subscribe to the notifications associated to their * triggers. Privilieged users _can't_ subscribe to the notifications of * triggers owned by other users; they must create their own triggers. * / This is why the current check is not bypassed if the notification client have a UID == 0 (root).
Signed-off-by: Jonathan Rajotte
Signed-off-by: Jérémie Galarneau
Change-Id: I690ea355b0b1ab0bfe82b7db47275876afe622f2
---
src/bin/lttng-sessiond/notification-thread-events.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/bin/lttng-sessiond/notification-thread-events.c b/src/bin/lttng-sessiond/notification-thread-events.c
index 0836620b5..827cf2c14 100644
--- src/bin/lttng-sessiond/notification-thread-events.c
+++ b/src/bin/lttng-sessiond/notification-thread-events.c
@@ -4335,7 +4335,7 @@ int notification_client_list_send_evaluation(
 }
 }
- if (client->uid != lttng_credentials_get_uid(trigger_creds) && client->gid != lttng_credentials_get_gid(trigger_creds)) {
+ if (client->uid != lttng_credentials_get_uid(trigger_creds)) {
 DBG("[notification-thread] Skipping client at it does not have the permission to receive notification for this trigger");
 goto skip_client;
 }
--
2.34.1
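Review bot: The ownership check `if (client->uid != lttng_credentials_get_uid(trigger_creds))` has no comment saying that uid 0 is deliberately not exempted, so that rationale lives only in the commit message and a later change could reintroduce a root bypass by mistake. I would put `/* Only the trigger's owner may receive its notifications; uid 0 is intentionally not exempted. */` directly above the `if`. The `DBG` line under it would be more useful for auditing refused deliveries if it recorded the client uid and the trigger uid, and "at it does not" should read "as it does not". The subject line suggests the credential getters assert on an unset field; if that also holds for the uid getter, it is worth confirming that `trigger_creds` always has a uid set on this path, which cannot be verified here because the function body starts and ends outside the hunk.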