eavesdrop in dbus policy

Aubert Malek (MM) malek.aubert at external.magnetimarelli.com
Mon Mar 23 07:42:59 PDT 2015


Hi All,

Any answer here, please?

Thank you.
Malek.

-----Original Message-----
From: Aubert Malek (MM)
Sent: Wednesday 18 March 2015 16:55
To: 'dbus at lists.freedesktop.org'
Subject: FW: eavesdrop in dbus policy

Hello All,

Thank you for answering, Simon. I will try to use BecomeMonitor instead then. I just need to understand this. Running the user that uses dbus-daemon as root and giving it eavesdrop=true causes conflicts with the security policy, but what if I run it as "logging", for example (user=logging), and make dbus policy changes only for this user (logging)? I'll be having this in my system_local.conf:

<policy user="logging">
        <allow eavesdrop="true"/>
        <allow send_destination="*" eavesdrop="true"/>
</policy>

Actually, with these settings I'm getting signals and method calls but not reply messages (errors and method returns). I don't understand, because these messages are in the default allow policy.
This result is not stable; sometimes I see all dbus messages. It's making me crazy! You are saying that this shouldn't work. Why shouldn't this work?

Thanks again.
Malek.
-----Original Message-----
From: Simon McVittie [mailto:simon.mcvittie at collabora.co.uk]
Sent: Wednesday 18 March 2015 14:53
To: Aubert Malek (MM)
Subject: Re: eavesdrop in dbus policy

When contacting open source projects, it is often preferable to contact public channels (e.g. the dbus at lists.freedesktop.org mailing list) instead of individual developers. If you contact me personally, but I'm busy with something else, then nobody will reply; if you contact a mailing list, but I'm busy, you might get a reply from someone else instead. Also, other people on the list will benefit from seeing the question and its answer.

(Alternatively, my colleagues and I are available for consulting via my employer <http://www.collabora.com/>.)

On 18/03/15 12:45, Aubert Malek (MM) wrote:
> I am trying to spy on DBus for a Diagnosis Log and Trace system and I
> need to see all the messages sent through DBus.

Sorry, it is not possible to do this on the system bus in a secure way for dbus 1.9.8 or older.
<https://bugs.freedesktop.org/show_bug.cgi?id=46787> has the details.
Specifically, <https://bugs.freedesktop.org/show_bug.cgi?id=46787#c3>
explains why what you are trying to do doesn't work (I mistakenly thought it would work too, when I opened that bug, but later realised it wouldn't.)

In development versions (dbus 1.9.10 or newer), either use dbus-monitor, or use the new BecomeMonitor() method like dbus-monitor does (see its source code for details).

If you are using the stable branches (dbus 1.8 or older): sorry, there is no way to do this without backporting the BecomeMonitor() changes from 1.9. Eavesdropping is fine on the session bus, but it has never really worked for the system bus; this has been the case since the project started.

> In my policy I added
>
> <allow eavesdrop="true" send_type="*"/>
> <allow eavesdrop="true" receive_type="*"/>
>
> Is it enough to get everything?

In dbus 1.9.8 or older, you *cannot* get everything without also creating a security vulnerability, because of the way the policy language works. The policy language is designed for "normal use" and was unfortunately never really suitable for controlling eavesdropping.

In dbus 1.9.10 or newer, BecomeMonitor() bypasses the policy language entirely. To avoid the privacy/security violations that this could cause, BecomeMonitor() may only be called by root or the uid of the dbus-daemon (and you can also use the policy language to lock down which processes can call BecomeMonitor() itself).

I hope this helps,
    S

--
Simon McVittie
Collabora Ltd. <http://www.collabora.com/>
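Simon's last paragraph mentions that the policy language can be used to restrict which processes may call BecomeMonitor() at all, on top of the daemon's own root-or-bus-uid check. The following is an added illustration of such a lockdown, not a fragment from this thread or from the configuration shipped with dbus. It assumes the method is reached as the BecomeMonitor member of the org.freedesktop.DBus.Monitoring interface on the bus driver (org.freedesktop.DBus), and that the fragment is installed as a file under /etc/dbus-1/system.d/ (or merged into system_local.conf, as in the thread). The default-context deny is applied first and the user-specific allow overrides it for root only, so an unprivileged process that somehow ended up with the bus's uid would still be refused by policy:

```xml
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
  <!-- Added example: refuse BecomeMonitor() for every connection by default.
       Only the method is denied; ordinary calls to the bus driver
       (Hello, AddMatch, RequestName, ...) are unaffected. -->
  <policy context="default">
    <deny send_destination="org.freedesktop.DBus"
          send_interface="org.freedesktop.DBus.Monitoring"
          send_member="BecomeMonitor"/>
  </policy>

  <!-- User policies are evaluated after the default context, so this
       re-enables the method for processes running as root only. A
       process running as "logging" (as discussed in the thread) stays
       denied here, matching the daemon's own uid restriction. -->
  <policy user="root">
    <allow send_destination="org.freedesktop.DBus"
           send_interface="org.freedesktop.DBus.Monitoring"
           send_member="BecomeMonitor"/>
  </policy>
</busconfig>
```

A useful check after installing the fragment is to run dbus-monitor --system once as root (it should succeed) and once as an unprivileged user (it should fail with an AccessDenied error from the bus driver); the second failure confirms that the deny rule is actually in force rather than relying on the uid check alone.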


-----Original Message-----
From: Malek AUBERT
Sent: Wednesday 18 March 2015
To: Simon McVittie [mailto:simon.mcvittie at collabora.co.uk]
Subject: eavesdrop in dbus policy

Hello Mr MCVITTIE,

I am trying to spy on DBus for a Diagnosis Log and Trace system and I need to see all the messages sent through DBus. To avoid having security issues by changing the root policy for dbus, I run my program as user=logging and I make my policy modifications only for this user. If my understanding is correct, I'll be needing eavesdrop=true, but I'm confused by the use of all the attributes to set with it. First of all, what's the point of using <allow eavesdrop=true> without setting for which case we want to use it?
In my policy I added
<allow eavesdrop="true" send_type="*"/>
<allow eavesdrop="true" receive_type="*"/>
Is it enough to get everything? There are so many attributes described in the dbus-daemon spec (http://dbus.freedesktop.org/doc/dbus-daemon.1.html) and I don't understand which ones I have to set.

Thanks in advance for answering and sorry for bothering.
Have a nice day.
Best Regards.
M. AUBERT

