Mailinglist Archive: opensuse-packaging (129 mails)

< Previous Next >
[opensuse-packaging] new dbus policy rpmlint check in Factory
  • From: Ludwig Nussel <ludwig.nussel@xxxxxxx>
  • Date: Mon, 26 Jan 2009 11:49:21 +0100
  • Message-id: <200901261149.22500.ludwig.nussel@xxxxxxx>
Hi,

The dbus package used a too permissive configuration in the past
which led to security problems (CVE-2008-4311). During investigation
of that problem it was found that many packages install dbus
configuration files that contain useless settings, settings that
harm other services or settings that even break after the dbus
security update.

Therefore I've written an rpmlint check that warns about such flaws.
The check 'dbus-policy-missing-allow' will abort the build though.
If you encounter that error you need to fix your dbus policy as the
package will break (ie the service it offers via dbus won't work)
after a dbus with the restrictive config gets checked in.

A minimal config for a service that uses PolicyKit for access
control typically looks like this:

<busconfig>
<policy user="someuser">
<allow own="org.foo.bar"/>
</policy>
<policy context="default">
<allow send_destination="org.foo.bar"/>
</policy>
</busconfig>

cu
Ludwig

--
(o_ Ludwig Nussel
//\
V_/_ http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
--
To unsubscribe, e-mail: opensuse-packaging+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-packaging+help@xxxxxxxxxxxx

< Previous Next >
Follow Ups