Tag: dbus-policy-without-send-destination
Severity: warning
Check: desktop/dbus
Explanation: The package contains D-Bus policy configuration that uses
one of the send_*
conditions, but does not specify a
send_destination
, and is not specific to root.
.
Rules of the form
.
<allow send_interface="com.example.MyInterface"/>
.
allow messages with the given interface to be sent to *any*
service, not just the one installing the rule, which is rarely
what was intended.
.
Similarly, on the system bus, rules of the form
.
<deny send_interface="com.example.MyInterface"/>
.
are redundant with the system bus's default-deny policy, and have
unintended effects on other services.
.
This check ignores rules of the form
.
<policy user="root">
<allow ... />
</policy>
.
which are commonly used for the "agent" pattern seen in services like
BlueZ and NetworkManager: a root-privileged daemon calls out to
one or more per-user user interface agent processes with no specific
name, so send_destination
is not easily applicable.
However, such rules should still be made as specific as possible to
avoid undesired side-effects.
See-Also:
https://bugs.freedesktop.org/show_bug.cgi?id=18961,
http://lists.freedesktop.org/archives/dbus/2008-February/009401.html