author | Alban Crequy <alban.crequy@collabora.co.uk> | 2014-07-21 17:34:08 +0100 |
---|---|---|
committer | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2014-09-15 12:29:30 +0100 |
commit | bbf11cd5f92064c7c8af61ad4d9ff41f3a039abc (patch) | |
tree | 0af92fe58a66363f1c608d8e6f81f18a861a6970 /bus/session.conf.in | |
parent | 8ad179a8dad789fc6a5402780044bc0ec3d41115 (diff) | |
config: add new limit: pending_fd_timeout

This is one of four commits needed to address CVE-2014-3637.

When a file descriptor is passed to dbus-daemon, the associated D-Bus message
might not be fully sent to dbus-daemon yet. Dbus-daemon keeps the file
descriptor in the DBusMessageLoader of the connection, waiting for the rest of
the message. If the client stops sending the remaining bytes, dbus-daemon will
wait forever and keep that file descriptor.

This patch adds pending_fd_timeout (milliseconds) in the configuration to
disconnect a connection after a timeout when a file descriptor was sent but not
the remaining message.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80559
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Diffstat (limited to 'bus/session.conf.in')
-rw-r--r-- | bus/session.conf.in | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/bus/session.conf.in b/bus/session.conf.in index d4730363..cfe9544f 100644 --- a/bus/session.conf.in +++ b/bus/session.conf.in @@ -53,6 +53,7 @@ limit is also relatively low --> <limit name="service_start_timeout">120000</limit> <limit name="auth_timeout">240000</limit> + <limit name="pending_fd_timeout">150000</limit> <limit name="max_completed_connections">100000</limit> <limit name="max_incomplete_connections">10000</limit> <limit name="max_connections_per_user">100000</limit> |
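Review bot: the added `<limit name="pending_fd_timeout">150000</limit>` line gives a bare number with no unit or rationale in the file. The commit message says the value is in milliseconds, so this is 150 seconds, but someone editing session.conf will not see that. A short XML comment beside the new limit stating the unit and why 150000 was chosen for the session bus would help. It would also help to say how the value relates to the `auth_timeout` of 240000 directly above it. The context lines also show `max_connections_per_user` at 100000, so on the session bus a single user can still keep a large number of descriptors pinned for the full timeout window. It would be worth confirming in the bug whether that residual exposure is accepted for the session bus. The diffstat here is limited to this file, so please make sure the new limit name is also covered in the dbus-daemon configuration documentation.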