Announcing D-Bus 1.8.14
Simon McVittie
simon.mcvittie at collabora.co.uk
Tue Jan 6 12:56:38 PST 2015
On 05/01/15 15:04, Simon McVittie wrote:
> • Do not allow calls to UpdateActivationEnvironment or the Stats
> interface on object paths other than /org/freedesktop/DBus.
Unfortunately, it seems that this causes KDE Plasma 5 to regress: unlike
the equivalent code in gnome-session, recent versions of startkde expect
to be able to call UpdateActivationEnvironment on the non-canonical path
"/". My check in codesearch.debian.net did not find this, since it is a
relatively recent addition.
I'm somewhat reluctant to revert this change, because I am aware of at
least one software package which incorrectly allows arbitrary calls at
"/" on any service (currently embargoed, so no specifics yet, sorry);
but if anyone needs a quick hack, removing these lines from
bus_driver_handle_update_activation_environment() should do it.
if (!bus_driver_check_message_is_for_us (message, error))
return FALSE;
The uid check in the same function should still prevent abuse, but I'd
feel safer with both left in.
Reference: <https://bugs.mageia.org/show_bug.cgi?id=14963>
S
More information about the dbus
mailing list