patchpanel: Prevent ConnectNamespace from allowing privileged PIDs.

Block PID 1 and the PID of the patchpanel process.

BUG=b:174735412
TEST=unit

Change-Id: Ic1eaed424d697851aed9931d80cb2895d7b2e73f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform2/+/2571141
Tested-by: Garrick Evans <garrick@chromium.org>
Reviewed-by: Hugo Benichi <hugobenichi@google.com>
Commit-Queue: Garrick Evans <garrick@chromium.org>
diff --git a/patchpanel/manager.cc b/patchpanel/manager.cc
index 5d611d7..a093891 100644
--- a/patchpanel/manager.cc
+++ b/patchpanel/manager.cc
@@ -824,6 +824,11 @@
   }
 
   pid_t pid = request.pid();
+  if (pid == 1 || pid == getpid()) {
+    LOG(ERROR) << "ConnectNamespaceRequest: privileged namespace pid " << pid;
+    writer.AppendProtoAsArrayOfBytes(patchpanel::ConnectNamespaceResponse());
+    return dbus_response;
+  }
   {
     ScopedNS ns(pid);
     if (!ns.IsValid()) {
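Review bot: The new guard `pid == 1 || pid == getpid()` is a two-value denylist and still passes 0 and negative PIDs straight into `ScopedNS ns(pid)` on the following line; rejecting those at the same point, `if (pid <= 1 || pid == getpid()) {`, keeps the validation in one place instead of relying on ScopedNS to fail for them (whether it does is not visible in this hunk). The check deserves a why-comment so the next reader does not "simplify" it away, e.g. `// Never enter init's (PID 1) or patchpanel's own namespace on behalf of a client request.` `getpid()` comes from `<unistd.h>`; the hunk does not show whether manager.cc already includes it. The enclosing ConnectNamespace handler starts and ends outside this hunk.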