Tag: dbus-policy-excessively-broad
Severity: error
Check: desktop/dbus
Explanation: The package contains D-Bus policy configuration that
matches broad classes of messages. This will cause strange side-effects,
is almost certainly unintended, and is a probable security flaw.
.
For instance,
.
<policy user="daemon">
<allow send_type="method_call"/>
<allow send_destination="com.example.Bees"/>
</policy>
.
in any system bus policy file would allow the daemon user to send any
method call to any service, including method calls which are meant to
be restricted to root-only for security, such as
org.freedesktop.systemd1.Manager.StartTransientUnit. (In addition, it
allows that user to send any message to the com.example.Bees service.)
.
The intended policy for that particular example was probably more like
.
<policy user="daemon">
<allow send_type="method_call" send_destination="com.example.Bees"/>
</policy>
.
which correctly allows method calls to that particular service only.
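The following is an added example, not part of the Lintian tag description or
of Lintian's own check code. It parses both policies from this description
(embedded as constructed sample input, wrapped in the busconfig root element a
real policy file has) and does two things: it flags allow rules that carry a
send_* attribute but no send_destination, which is a simplified version of
what this tag reports, and it evaluates a few constructed messages against
each policy to show why the two separate allow elements are broad while the
single combined element is not. The evaluator is a deliberate simplification
of dbus-daemon's matching (it ignores group, at_console and the receiving
service's own policy), and the helper names are this example's own.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the broad policy from the tag description.
BROAD_POLICY = """<busconfig>
  <policy user="daemon">
    <allow send_type="method_call"/>
    <allow send_destination="com.example.Bees"/>
  </policy>
</busconfig>
"""

# Constructed sample: the policy the description says was probably intended.
INTENDED_POLICY = """<busconfig>
  <policy user="daemon">
    <allow send_type="method_call" send_destination="com.example.Bees"/>
  </policy>
</busconfig>
"""

# send_* attributes a rule may carry besides send_destination.
SEND_SCOPE_ATTRS = ("send_type", "send_interface", "send_member",
                    "send_path", "send_error")


def find_broad_allows(xml_text):
    """Return allow rules that restrict *what* is sent but not *where*.

    Simplified form of the lint: an <allow> with any send_* attribute and no
    send_destination matches that message class towards every service on
    the bus. Each finding records the enclosing <policy> attributes and the
    rule attributes so a reader can locate it in the file.
    """
    root = ET.fromstring(xml_text)
    findings = []
    for policy in root.iter("policy"):
        for rule in policy.findall("allow"):
            attrs = rule.attrib
            scoped = any(a in attrs for a in SEND_SCOPE_ATTRS)
            if scoped and "send_destination" not in attrs:
                findings.append({"policy": dict(policy.attrib),
                                 "rule": dict(attrs)})
    return findings


def would_allow(xml_text, user, message):
    """Simplified check: may `user` send `message` under this policy?

    `message` is a dict with the fields type, destination, interface,
    member and path (missing fields are treated as absent). A rule matches
    only if every send_* attribute it carries equals the message's field,
    and, as in dbus-daemon, the last matching allow/deny rule wins, with
    the bus default being deny. Rules without send_* attributes (own=,
    receive_*) do not govern sending and are skipped. Hypothetical helper.
    """
    root = ET.fromstring(xml_text)
    decision = False
    for policy in root.iter("policy"):
        if policy.get("user") != user and policy.get("context") != "default":
            continue
        for rule in policy:
            if rule.tag not in ("allow", "deny"):
                continue
            send_attrs = {k[len("send_"):]: v
                          for k, v in rule.attrib.items()
                          if k.startswith("send_")}
            if not send_attrs:
                continue
            if all(message.get(f) == v for f, v in send_attrs.items()):
                decision = (rule.tag == "allow")
    return decision


# Constructed messages: a root-only systemd call, and a signal to the
# package's own service.
SYSTEMD_CALL = {"type": "method_call",
                "destination": "org.freedesktop.systemd1",
                "interface": "org.freedesktop.systemd1.Manager",
                "member": "StartTransientUnit",
                "path": "/org/freedesktop/systemd1"}
BEES_SIGNAL = {"type": "signal", "destination": "com.example.Bees"}


if __name__ == "__main__":
    for name, policy in (("broad", BROAD_POLICY), ("intended", INTENDED_POLICY)):
        print(name, "broad allow rules:", find_broad_allows(policy))
        print(name, "daemon -> systemd StartTransientUnit:",
              would_allow(policy, "daemon", SYSTEMD_CALL))
        print(name, "daemon -> signal to com.example.Bees:",
              would_allow(policy, "daemon", BEES_SIGNAL))
```

Running it shows the broad policy lets the daemon user reach
StartTransientUnit and send a signal to com.example.Bees, while the intended
policy permits neither; only the broad policy produces a finding from
find_broad_allows.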
See-Also:
http://www.openwall.com/lists/oss-security/2015/01/27/25