Bug#510744: system-tools-backends: /etc/dbus-1/system.d file needs alterations for fd.o #18961

[Simon McVittie]

Package: system-tools-backends
Version: 2.6.0-2
Severity: normal
User: pkg-utopia-maintainers at lists.alioth.debian.org
Usertags: fdo-18961 CVE-2008-4311

system-tools-backends's D-Bus system.d config doesn't seem to allow
introspection of the configuration modules. This used to be allowed by a
dbus-daemon bug that caused the default to be allow; we're now trying to
fix this.

However, the configuration modules don't actually seem to be intended to
be accessed except via the dispatcher, so this might be acceptable
(since the dispatcher doesn't call Introspect). As a result, I've only
filed this bug as normal, although I'll escalate it to serious if
testing with the default-deny version of D-Bus fails.

https://bugs.freedesktop.org/show_bug.cgi?id=18980 is an upstream tracking
bug for services with this problem.

As a related 'normal' bug which should be fixed at the same time, the config
file should also be updated to fix non-deterministic allow/deny
for messages with no interface; the D-Bus upstream recommendation seems to
be that every allow or deny rule with send_interface="..." should have a
suitable send_destination attribute too. It's unclear to me whether the
FooConfig modules are separate processes, or in-process with the main
daemon; if they're separate processes they'll each need a
send_destination rule.

http://bugs.freedesktop.org/show_bug.cgi?id=18961 is the D-Bus bug tracking
the send_interface issue, and there have also been discussions on the D-Bus
mailing list.

Regards from the Cambridge BSP,
    Simon
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 155 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20090104/316e54ca/attachment.pgp