If your package contains a D-Bus system bus service, you need to pay
It was discovered that the default policy of the D-Bus system bus was
not as was expected, due to a quirk of the language. In fact, whereas
the default policy was supposed to have been that messages would not be
allowed by default, the default was in fact that messages _were_
CVE-2008-4311 was issued, and a new release of D-Bus was updated to
correct the default policy to be deny-by-default.
It was quickly discovered that the policy files shipped by most services
no longer worked, and that many were (inadvertently, perhaps) relying on
the misconfiguration of the daemon.
We've audited the system bus services shipped in Ubuntu, and are
confident that there is no security exploit. Those services exporting
privileged methods either have sufficient "deny" rules, or use PolicyKit
For this reason, and due to the large potential for regressions, we've
opted not to release a security update for previous Ubuntu versions. We
may still do so if we discover a potential for exploit.
However this is a bug, and I've uploaded a new version of D-Bus to
jaunty that corrects it. I've filed bugs on all packages that appear to
ship a D-Bus system bus service (those with /etc/dbus-1/system.d/*.conf
files), but I may have missed some. I'd appreciate your help tracking
down any I've missed, and updating all of the packages.
Please read the following carefully to assist with updating the
The default policy of the D-Bus system bus is:
- Name ownership is DENIED by default.
- Method calls are DENIED by default.
- Replies to method calls, including errors, are PERMITTED by default.
- Signals are PERMITTED by default.
Therefore each service MUST, in its policy configuration:
- Permit an appropriate user to own the name it wishes to claim:
This denies all services from receiving method calls of the
given interface, not just your own service! It also implicitly
denies all services from receiving method calls with no
interface specified. DO NOT DO IT!
- You must allow standard interfaces as well, such as Introspection and
Be aware that a denied message may still happen if you have other
invalid policy installed (such as those which don't qualify allow/deny
rules with the destination!). Take the opportunity to fix all you see.
Scott James Remnant
ubuntu-devel mailing list
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel