Skip to content

Security fix: Make D-Bus policy rules only affect SensorProxy itself

Bastien Nocera requested to merge github/fork/smcv/destination into master

Created by: smcv

D-Bus policy XML files are generic configuration for the bus daemon: they are conventionally named like a bus name, but there is nothing that inherently limits their application to that bus name.

In particular this means that a rule like

<policy context="default">
  <allow send_interface="org.freedesktop.DBus.Properties"/>

allows any process on the system bus to send an org.freedesktop.DBus.Properties.Set() call to any other process on the system bus, even if the destination process expected to be only accessible by root.

Fixes https://github.com/hadess/iio-sensor-proxy/issues/41


This is untested so far. You might want to try it before merging and verify that you can still communicate with i-s-p in ways that ought to be allowed.

edit: fix Markdown

Merge request reports

Loading