dfuzzer.conf: suppress org.freedesktop.login1.Sleep()

[mrc0mmand]

Introduced in systemd/systemd#29853.

[evverx]

I think it would be great if it was possible to skip destructive methods when dfuzzer is privileged enough to actually call them and call them when it's unprivileged. It should make it possible to poke all those polkit/dbus rules.

[mrc0mmand]

I think it would be great if it was possible to skip destructive methods when dfuzzer is privileged enough to actually call them and call them when it's unprivileged. It should make it possible to poke all those polkit/dbus rules.

I guess something like that would make sense, but we'd need a way to mark certain functions unsafe even for that mode, since they're potentially unsafe even when run unprivileged. For example, the org.freedesktop.login1.Manager interface has TerminateUser() function, which, when unprivileged, is still able to kill the current user's session:

[vagrant@centos9s ~]$ busctl call org.freedesktop.login1 /org/freedesktop/login1 org.freedesktop.login1.Manager TerminateUser u 0
Call failed: Interactive authentication required.
[vagrant@centos9s ~]$ busctl call org.freedesktop.login1 /org/freedesktop/login1 org.freedesktop.login1.Manager TerminateUser u 1000
Connection to 192.168.122.124 closed by remote host.

[evverx]

we'd need a way to mark certain functions unsafe even for that mode

Makes sense. Maybe something like the TotallyDestructive mode could cover those.

Though from time to time it would be nice to ignore them too. systemd/systemd#30917 was triggerred by dfuzzer as far as I can remember. It can probably be done by generating a new config where methods like that aren't included at all. Dunno.