[Bug 306362] Re: Default D-Bus system bus policy is allow
Bug Watch Updater
306362 at bugs.launchpad.net
Thu Oct 26 23:12:14 UTC 2017
Launchpad has imported 6 comments from the remote bug at
https://bugzilla.redhat.com/show_bug.cgi?id=474895.
If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.
------------------------------------------------------------------------
On 2008-12-05T20:32:08+00:00 Colin wrote:
See:
https://bugs.freedesktop.org/show_bug.cgi?id=18229
Reply at:
https://bugs.launchpad.net/ubuntu/+source/dbus/+bug/306362/comments/41
------------------------------------------------------------------------
On 2008-12-05T20:32:59+00:00 Fedora wrote:
dbus-1.2.6-1.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/dbus-1.2.6-1.fc10
Reply at:
https://bugs.launchpad.net/ubuntu/+source/dbus/+bug/306362/comments/42
------------------------------------------------------------------------
On 2008-12-05T20:36:02+00:00 Fedora wrote:
dbus-1.2.6-1.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/dbus-1.2.6-1.fc10
Reply at:
https://bugs.launchpad.net/ubuntu/+source/dbus/+bug/306362/comments/43
------------------------------------------------------------------------
On 2008-12-07T04:12:09+00:00 Fedora wrote:
dbus-1.2.6-1.fc10 has been pushed to the Fedora 10 stable repository.
If problems still persist, please make note of it in this bug report.
Reply at:
https://bugs.launchpad.net/ubuntu/+source/dbus/+bug/306362/comments/44
------------------------------------------------------------------------
On 2008-12-07T04:32:11+00:00 Fedora wrote:
dbus-1.2.6-1.fc9 has been pushed to the Fedora 9 stable repository. If
problems still persist, please make note of it in this bug report.
Reply at:
https://bugs.launchpad.net/ubuntu/+source/dbus/+bug/306362/comments/45
------------------------------------------------------------------------
On 2008-12-08T17:53:49+00:00 Feng wrote:
This version of dbus messes up everything:
gpk stops working,
system-config-services stops working,
system-config-printer stops working,
and more.
Seems like some default policy were changed, and the corresponding
system components were not tweaked.
Refer to this link:
http://forums.fedoraforum.org/showthread.php?t=206797
Reply at:
https://bugs.launchpad.net/ubuntu/+source/dbus/+bug/306362/comments/55
** Changed in: dbus (Fedora)
Importance: Unknown => Medium
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to dbus in Ubuntu.
https://bugs.launchpad.net/bugs/306362
Title:
Default D-Bus system bus policy is allow
Status in D-Bus:
Fix Released
Status in dbus package in Ubuntu:
Fix Released
Status in dbus package in Debian:
Fix Released
Status in dbus package in Fedora:
Fix Released
Bug description:
A new security release of DBus is now available:
http://dbus.freedesktop.org/dbus/releases/dbus-1.2.6.tar.gz
This release contains a (partial, see below) fix for:
https://bugs.freedesktop.org/show_bug.cgi?id=18229
== Summary ==
Joachim Breitner discovered a mistake in the default configuration for the
system bus (system.conf) which made the default policy for both sent and
received messages effectively *allow*, and not deny as intended.
This release fixes the send side permission, but does not change the receive.
See below for more details.
== Available workarounds ==
Add explicit <deny> rules to existing policy files which do not
already have them.
== Mitigating factors ==
There are three important mitigating factors.
* First, in an examination of a Fedora 10 system, many services contained
explicit <deny> rules under the "default" context. These deny rules did (and
continue to) operate as expected.
* Second, an increasing trend has been for core system services to use
PolicyKit, or otherwise do security checks on the service side. Any system
which relies on PolicyKit is unaffected by this flaw.
* Third, the SELinux DBus support is not affected by this flaw.
Now, as mentioned above this fix is partial. DBus has two kinds of policy
permissions, send and receive. Generally speaking, the send side permission is
much more important. However, DBus has supported receive side permissions for
a few reasons, among those are:
* Ensuring signals containing sensitive data aren't visible by unexpected
processes. Suggested fix: Do not put sensitive data in DBus signals; use
targeted method calls.
* A way for processes to "second-pass" filter messages before they reach their
C code. Suggested fix: Something like PolicyKit (or just manual service-side
permission checks) remain a better way to do this.
For compatibility reasons, this release only fixes the send-side permission
check, and not receive. A greater number of services will need to be updated
for a future tightening of the receive permission.
We are as yet unsure when (and in fact, if) the receive permission will be
tightened in the DBus 1.2 stable branch. We will gather information about any
affected programs and make a final determination at in the near future.
== Conclusion Summary ==
* Add explicit <deny> rules under the default policy if this is applicable to
your service (i.e. not using PolicyKit or similar)
* Do not put sensitive information in signals
== Thanks ==
Thanks to Joachim Breitner for the initial report and proposed patch, Tomas
Hoger for the current fix, and others for their assistance with this issue.
_______________________________________________
dbus mailing list
dbus at lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/dbus
To manage notifications about this bug go to:
https://bugs.launchpad.net/dbus/+bug/306362/+subscriptions
More information about the foundations-bugs
mailing list