The Plan for CVE-2008-4311

Colin Walters walters at verbum.org
Tue Dec 23 09:54:07 PST 2008


On Mon, Dec 22, 2008 at 3:44 AM, Scott James Remnant
<scott at canonical.com> wrote:
> On Wed, 2008-12-17 at 18:10 -0500, Colin Walters wrote:
>
>> Concurrently, we apply these fixes to continuing the 1.2.X stream.
>> The primary difference between 1.2.X and 1.2.4.Xpermissive is simply
>> the default policy for method calls.  In 1.2.X it will be deny (as
>> intended originally), and 1.2.4.Xpermissive it will be permissive.
>>
> I'd like to see the default for signals be deny as well, since we're
> fixing application policy anyway, we should fix the apps to allow others
> to receive their signals.

The problem is that regardless, one needs to check the message sender
on the recipient side for generic interfaces; e.g. the
"PropertiesChanged" signal that IIRC was proposed as an addition to
the standard.  So, it is a binding/application issue.

Now, it would probably make sense for services to be able to
effectively claim an interface prefix in the security file.  Retaining
the permissive default this would look maybe something like:

<deny  sender_not="org.freedesktop.Hal",
receive_interface="org.freedesktop.Hal.*"/>


More information about the dbus mailing list