03-08-2009, 11:38 AM
Jan de Groot

Dbus on archlinux and permissions

I'm planning to update dbus to the latest release. Reading the
release notes, I found this:

Due to a security issue (CVE-2008-4311) for which a large number of
system services need fixes, the dbus 1.2 stable branch has been split
into two streams. The "1.2.4Xpermissive" branch originates from 1.2.4,
and maintains the unintended permissive default for messages. Releases
1.2.6 and later have a default deny. It is intended that the
permissive branch only be used temporarily by vendors. For more
information, see this mail:
http://lists.freedesktop.org/archives/dbus/2008-December/010769.html

I would like to package the 1.2.4.4permissive release now. As soon as
it's moved into core, I would like to add the non-permissive version to
testing and see what breaks. Doing so, we can close down this security
leak in dbus and have all affected services fixed.
 
03-09-2009, 07:31 AM
Thomas Bächler

Dbus on archlinux and permissions

Jan de Groot wrote:

> As soon as
> it's moved into core, I would like to add the non-permissive version to
> testing and see what breaks. Doing so, we can close down this security
> leak in dbus and have all affected services fixed.


I think we can start closing down services even now, as the new dbus
gives you several warnings (from auth.log):


Mar 9 09:27:23 artin dbus-daemon: Would reject message, 1 matched
rules; type="method_call", sender=":1.11" (uid=1000 pid=4903 comm="kded4
") interface="org.freedesktop.Hal.Device.CPUFreq"
member="GetCPUFreqAvailableGovernors" error name="(unset)"
requested_reply=0 destination="org.freedesktop.Hal" (uid=0 pid=4373
comm="/usr/sbin/hald "))


I can post a complete list if these are useful in any way.
 
03-09-2009, 07:46 AM
Jan de Groot

Dbus on archlinux and permissions

On Mon, 2009-03-09 at 09:31 +0100, Thomas Bächler wrote:
> Jan de Groot wrote:
> > As soon as
> > it's moved into core, I would like to add the non-permissive version to
> > testing and see what breaks. Doing so, we can close down this security
> > leak in dbus and have all affected services fixed.
>
> I think we can start closing down services even now, as the new dbus
> gives you several warnings (from auth.log):
>
> Mar 9 09:27:23 artin dbus-daemon: Would reject message, 1 matched
> rules; type="method_call", sender=":1.11" (uid=1000 pid=4903 comm="kded4
> ") interface="org.freedesktop.Hal.Device.CPUFreq"
> member="GetCPUFreqAvailableGovernors" error name="(unset)"
> requested_reply=0 destination="org.freedesktop.Hal" (uid=0 pid=4373
> comm="/usr/sbin/hald "))
>
> I can post a complete list if these are useful in any way.

I wasn't aware of this change, but it's certainly useful. This helps us
to fix permissions before we break random things by pushing a new dbus
version to testing.

Please create a bug report, assign it to me, and add all the log entries
you see.
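
Added example, not part of the thread and not code from dbus or Arch: a small Python script that collects the "Would reject message" entries Thomas quotes from auth.log and groups them by destination service, so the calls that would fail under the default-deny release can be listed per service in a bug report. It assumes each syslog entry sits on one line (the quoted one was wrapped by the mail client); the function names and every sample entry except the first are constructed for this example.

```python
import re
from collections import defaultdict

# Line 1 is the auth.log entry quoted in the thread, unwrapped; the rest are constructed.
SAMPLE_LOG = """\
Mar 9 09:27:23 artin dbus-daemon: Would reject message, 1 matched rules; type="method_call", sender=":1.11" (uid=1000 pid=4903 comm="kded4 ") interface="org.freedesktop.Hal.Device.CPUFreq" member="GetCPUFreqAvailableGovernors" error name="(unset)" requested_reply=0 destination="org.freedesktop.Hal" (uid=0 pid=4373 comm="/usr/sbin/hald "))
Mar 9 09:27:25 artin dbus-daemon: Would reject message, 1 matched rules; type="method_call", sender=":1.14" (uid=1000 pid=5001 comm="example-applet ") interface="org.freedesktop.Hal.Device.CPUFreq" member="GetCPUFreqAvailableGovernors" error name="(unset)" requested_reply=0 destination="org.freedesktop.Hal" (uid=0 pid=4373 comm="/usr/sbin/hald "))
Mar 9 09:28:02 artin dbus-daemon: Would reject message, 1 matched rules; type="method_call", sender=":1.20" (uid=1000 pid=5120 comm="example-client ") interface="org.example.Daemon.Control" member="Reload" error name="(unset)" requested_reply=0 destination="org.example.Daemon" (uid=0 pid=4400 comm="/usr/sbin/exampled "))
Mar 9 09:28:10 artin sshd[5200]: Accepted publickey for user from 192.0.2.10 port 50022 ssh2
Mar 9 09:28:11 artin dbus-daemon: Would reject message, truncated entry type="method_call"
"""

FIELD = re.compile(r'\b(type|sender|interface|member|destination)="([^"]*)"')
PEER = re.compile(r'\(uid=(\d+) pid=\d+ comm="([^"]*)"\)')

def parse_line(line):
    """Parse one 'Would reject message' entry; return None for anything else."""
    if "dbus-daemon" not in line or "Would reject message" not in line:
        return None
    rec = dict(FIELD.findall(line))
    peers = PEER.findall(line)  # first = sender process, second = destination
    if len(peers) != 2 or "destination" not in rec:
        return None  # truncated or unexpected layout: skip rather than guess
    (s_uid, s_comm), (d_uid, d_comm) = peers
    rec.update(sender_uid=int(s_uid), sender_comm=s_comm.strip(),
               dest_uid=int(d_uid), dest_comm=d_comm.strip())
    return rec

def summarize(lines):
    """Map destination bus name -> {(type, interface, member): set of sender comms}."""
    out = defaultdict(lambda: defaultdict(set))
    for line in lines:
        rec = parse_line(line)
        if rec:
            call = (rec["type"], rec.get("interface", ""), rec.get("member", ""))
            out[rec["destination"]][call].add(rec["sender_comm"])
    return {dest: dict(calls) for dest, calls in out.items()}

def report(lines):
    """Render the summary as text suitable for pasting into a bug report."""
    rows = []
    for dest, calls in sorted(summarize(lines).items()):
        rows.append(dest)
        for (mtype, iface, member), senders in sorted(calls.items()):
            rows.append(f"  {mtype} {iface}.{member} <- {', '.join(sorted(senders))}")
    return "\n".join(rows)

if __name__ == "__main__":
    print(report(SAMPLE_LOG.splitlines()))
```

Each destination in the output is a service whose policy needs an explicit allow rule for the listed calls before the default-deny dbus reaches testing.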
 

All times are GMT.