eavesdrop in dbus policy

Fri Mar 27 01:20:32 PDT 2015

Ok. I give up. We will try something else. Just two last questions:
If we can't allow any process send anything on system dbus why by running our monitor as root can we see all the messages on dbus?
What is different with Become Monitor? I mean, this method will be used by a root user too. How does this way avoid security vulnerability?

-----Message d'origine-----
De : Simon McVittie [mailto:simon.mcvittie at collabora.co.uk]
Envoyé : mercredi 25 mars 2015 13:02
À : Aubert Malek (MM); dbus at lists.freedesktop.org
Objet : Re: eavesdrop in dbus policy

On 25/03/15 09:33, Aubert Malek (MM) wrote:
>>> <policy user="logging"><allow eavesdrop="true"/> means the
>>> (dbus-monitor that was run by) the "logging" user may receive any
>>> message from anywhere, even if it is considered to be eavesdropping
>>> (the message is not a broadcast and is intended for someone else).
>
> Isn't that what we want? We need to make monitor application see
> everything on DBus.

It is *necessary* for what you want, but it is not *sufficient*.

Like I already said, there are two separate sets of rules: "A may send to B" and "B may receive from A". You have added a rule to the second set. You are still not going to get all the messages without adding a rule to the first set, and there is currently no way to express the rule you would want to add.

If it was possible to make this work nicely, I wouldn't have spent time and effort on adding BecomeMonitor.

> Why do I get all the messages, with this policy, on session Dbus and
> not on system Dbus. What is blocking on system Dbus?

The "may send" rules are blocking it. On the session bus, any process may send anything; on the system bus, this is not true.

> Sorry for insisting but we have 1.6.8 version of Dbus (so, no Become
> Monitor solution especially that we need to avoid more CPU load
> consumption) and I need to find a way to make it work.

Then it is not possible to do what you want, except by backporting the BecomeMonitor feature from 1.9.

    S

--
Simon McVittie
Collabora Ltd. <http://www.collabora.com/>

VISITEZ NOTRE NOUVEAU SITE WEB! - VISIT OUR NEW WEB SITE!   www.magnetimarelli.com

Confidential Notice: This message - including its attachments - may contain proprietary, confidential and/or legally protected information and is intended solely for the use of the designated addressee(s) above. If you are not the intended recipient be aware that any downloading, copying, disclosure, distribution or use of the contents of the above information is strictly prohibited.
If you have received this communication by mistake, please forward the message back to the sender at the email address above, delete the message from all mailboxes and any other electronic storage medium and destroy all copies.
Disclaimer Notice: Internet communications cannot be guaranteed to be safe or error-free. Therefore we do not assure that this message is complete or accurate and we do not accept liability for any errors or omissions in the contents of this message.

 Remarque de confidentialité : Ce message – et ses pièces jointes – peut contenir des informations confidentielles et/ou protégées par la loi, destinées uniquement à l'usage du destinataire désigné ci-dessus. Si vous n'êtes pas le destinataire prévu,  soyez conscient que tout téléchargement, copie,  divulgation,  distribution ou utilisation du contenu de l'information ci-dessus sont strictement interdits.
Si vous avez reçu cette communication par erreur, merci de retourner le message à l'expéditeur à l'adresse email ci-dessus, de le supprimer de toutes les boîtes aux lettres, de tous supports électroniques de stockage et  d’en détruire toutes les copies.
 Avis de non-responsabilité : les communications Internet ne peuvent être assurées authentiques ou sans erreur. C'est pourquoi nous ne garantissons pas l’intégralité ni l’exactitude de ce message et nous n'acceptons aucune responsabilité pour toute erreur ou omission dans le contenu de ce message.