Diff for "DBusPermissions"

Differences between revisions 2 and 22 (spanning 20 versions)

This page tracks the changes needed to fix [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503532 D-Bus deny-by-default].

[http://people.debian.org/~smcv/dbus-cve-2008-4311/ "Release candidate" of dbus source and i386 binaries for testing]

Bugs related to CVE-2008-4311

http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=pkg-utopia-maintainers@lists.alioth.debian.org&tag=CVE-2008-4311

(some of these may be non-RC)

fd.o #18961

Bugs which are probably not RC, related to [http://bugs.freedesktop.org/show_bug.cgi?id=18961 fd.o #18961]:

http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=pkg-utopia-maintainers@lists.alioth.debian.org&tag=fdo-18961

Otherwise broken

libosso, osso-gwconnect (RM requested)

Related bugs (not yet filed in Debian)

NM-0.7: http://bugzilla.gnome.org/show_bug.cgi?id=565008

dbus-glib: http://bugs.freedesktop.org/show_bug.cgi?id=19441

Complete list of affected packages

Fixed packages

bluemon	(#510626, fixed in 1.4-5, looks ok)
bluez-utils	(#510644, fixed in 3.36-3, seems ok, bare send_interfaces though, limitation of bluez architecture
consolekit	(#510645, fixed in 0.2.10-4, looks ok)
hal	(#510639, fixed in 0.5.11-7, mostly ok, cleanup default section)
odccm	(#510788, fixed in 0.11.1-4, looks mostly ok, restrict to interfaces?)
policykit	(#510646, fixed in 0.9-2, looks ok)
pommed	(#510700, fixed in 1.25~dfsg-1, looks mostly ok, allows access to everyone?)
smart-notifier	(#510709, fixed in 0.28-1.1, looks ok, strict)
sugar	(#510657, fixed in 0.82.8-3, looks ok)
system-tools-backends	(#510744, fixed in 2.6.0-2lenny1, looks ok, strict)

Packages with bug report not yet fixed

avahi-daemon	(#510653, no patch)
cups	(#510634, no patch)
dhcdbd	(#510791, no patch, bare send_interfaces, superfluous default section)
dnsmasq	(#510649, patch via upstream bug report)
galago-daemon	(#511146, request to remove system bus policy file)
network-manager	(#510729, no patch)
network-manager-gnome	(#510728, no patch)
network-manager-kde	(#510757, no patch)
network-manager-openvpn	(#510730, no patch)
network-manager-pptp	(#510732, no patch)
network-manager-vpnc	(#510735, no patch)
pathfinderd	(#510696, no patch, remove bare send_interfaces and default section)
powersaved	(#510633, patch seems ok, move introspection in default section!)
system-config-printer	(#510756, no patch, superfluous default section, remove send_interface)
wpasupplicant	(#510652, patch, denials with NM 0.7)
yum	(#510659, no patch, remove bare send_interfaces, default section)

Packages without a bug report

gconf-defaults-service	(from experimental, bare send_interfaceS)
gnome-applets-data	(from experimental, bare send_interfaceS)
gnome-panel-data	(from experimental, bare send_interfaceS)
gpe-bluetooth	(no bug report filed)
kerneloops	(completely broken, file extension does not even end with .conf)
libgksu-polkit0	(looks mostly ok)
libpam-dbus	(not sure, allow everyone to own the name)
mumble-server	(looks ok)
osso-gwconnect	(bare send_interfaceS, needs review)
setroubleshoot	(bare send_interfaceS, needs review)
wicd	(bare send_interfaceS, needs review, allows everyone to configure the network?)

-  ⇤ ← Revision 2 as of 2009-01-04 01:39:17 → 
  Size: 1506
  Editor: SimonMcVittie
  Comment: filed bugs on consolekit and bluez-utils
+   ← Revision 22 as of 2009-02-05 16:46:22 → ⇥
  Size: 3936
  Editor: MichaelBiebl
  Comment:
-Deletions are marked like this.
+Additions are marked like this.
 Line 1:
-This page tracks the changes needed to fix D-Bus deny-by-default.
+This page tracks the changes needed to fix [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503532 D-Bus deny-by-default].
 Line 3:
-== Debian bug filed ==
+[http://people.debian.org/~smcv/dbus-cve-2008-4311/ "Release candidate" of dbus source and i386 binaries for testing]
 Line 5:
-[http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=pkg-utopia-maintainers@lists.alioth.debian.org&usertags=CVE-2008-4311]
+== Bugs related to CVE-2008-4311 ==
http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=pkg-utopia-maintainers@lists.alioth.debian.org&tag=CVE-2008-4311
-Line 7:
+Line 8:
-(normal severity bugs are not blockers, but are related)
+(some of these may be non-RC)
-Line 9:
+Line 10:
-== Debian bug should be filed ==
+== fd.o #18961 ==
Bugs which are probably not RC, related to [http://bugs.freedesktop.org/show_bug.cgi?id=18961 fd.o #18961]:
-Line 11:
+Line 13:
-knetworkmanager ([https://bugzilla.redhat.com/show_bug.cgi?id=475468 Red Hat bug], upstream unhappy with the patch)
+http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=pkg-utopia-maintainers@lists.alioth.debian.org&tag=fdo-18961
-Line 13:
+Line 15:
-policykit ([https://bugs.freedesktop.org/show_bug.cgi?id=18948])
+== Otherwise broken ==
libosso, osso-gwconnect (RM requested)
-Line 15:
+Line 18:
-system-tools-backends (might be [http://bugzilla.gnome.org/show_bug.cgi?id=563857 "GNOME system monitor"], [https://bugzilla.redhat.com/show_bug.cgi?id=475203 system-config-services], [http://cvs.fedoraproject.org/viewvc/rpms/system-config-services/F-10/system-config-services-0.99.28-dbus.patch system-config-services], [https://bugzilla.redhat.com/show_bug.cgi?id=475524 system-config-samba]?)
+== Related bugs (not yet filed in Debian) ==
NM-0.7: http://bugzilla.gnome.org/show_bug.cgi?id=565008
-Line 17:
+Line 21:
-== Might be affected, please check ==
+dbus-glib: http://bugs.freedesktop.org/show_bug.cgi?id=19441
-Line 19:
+Line 23:
-avahi
+== Complete list of affected packages ==
-Line 21:
+Line 25:
-dnsmasq
+Fixed packages
-Line 23:
+Line 27:
-gpe-bluetooth
+|| bluemon                || (#510626, fixed in 1.4-5, looks ok) || ||
|| bluez-utils            || (#510644, fixed in 3.36-3, seems ok, bare send_interfaces though, limitation of bluez architecture ||
|| consolekit             || (#510645, fixed in 0.2.10-4, looks ok) || ||
|| hal                    || (#510639, fixed in 0.5.11-7, mostly ok, cleanup default section) ||
|| odccm                  || (#510788, fixed in 0.11.1-4, looks mostly ok, restrict to interfaces?) ||
|| policykit              || (#510646, fixed in 0.9-2, looks ok) ||
|| pommed                 || (#510700, fixed in 1.25~dfsg-1, looks mostly ok, allows access to everyone?) ||
|| smart-notifier         || (#510709, fixed in 0.28-1.1, looks ok, strict) ||
|| sugar                  || (#510657, fixed in 0.82.8-3, looks ok) ||
|| system-tools-backends  || (#510744, fixed in 2.6.0-2lenny1, looks ok, strict) ||
-Line 25:
+Line 38:
-kerneloops
+Packages with bug report not yet fixed
-Line 27:
+Line 40:
-mumble
+|| avahi-daemon           || (#510653, no patch) || ||
|| cups                   || (#510634, no patch) || ||
|| dhcdbd                 || (#510791, no patch, bare send_interfaces, superfluous default section) || ||
|| dnsmasq                || (#510649, patch via upstream bug report) || ||
|| galago-daemon          || (#511146, request to remove system bus policy file) || ||
|| network-manager        || (#510729, no patch) ||
|| network-manager-gnome  || (#510728, no patch) ||
|| network-manager-kde    || (#510757, no patch) ||
|| network-manager-openvpn|| (#510730, no patch) ||
|| network-manager-pptp   || (#510732, no patch) ||
|| network-manager-vpnc   || (#510735, no patch) ||
|| pathfinderd            || (#510696, no patch, remove bare send_interfaces and default section) ||
|| powersaved             || (#510633, patch seems ok, move introspection in default section!) ||
|| system-config-printer  || (#510756, no patch, superfluous default section, remove send_interface) ||
|| wpasupplicant          || (#510652, patch, denials with NM 0.7) ||
|| yum                    || (#510659, no patch, remove bare send_interfaces, default section) ||
-Line 29:
+Line 57:
-network-manager
+Packages without a bug report
-Line 31:
+Line 59:
-network-manager-applet

network-manager-openvpn

network-manager-pptp

network-manager-vpnc

odccm

pathfinder

smart-notifier

sugar (probably unaffected, needs a second look; related to nm-applet)

system-config-printer

wpasupplicant

yum

== Non-RC severity ==

cups (mjj29)

== Unaffected ==

galago-daemon (not on system bus)

== Being dealt with ==

pommed (upstream and Debian maintainer fixing it)

libosso, osso-gwconnect (RM requested)
+|| gconf-defaults-service || (from experimental, bare send_interfaceS) ||
|| gnome-applets-data     || (from experimental, bare send_interfaceS) ||
|| gnome-panel-data       || (from experimental, bare send_interfaceS) ||
|| gpe-bluetooth          || (no bug report filed) ||
|| kerneloops             || (completely broken, file extension does not even end with .conf) ||
|| libgksu-polkit0        || (looks mostly ok) ||
|| libpam-dbus            || (not sure, allow everyone to own the name) ||
|| mumble-server          || (looks ok) ||
|| osso-gwconnect         || (bare send_interfaceS, needs review) ||
|| setroubleshoot         || (bare send_interfaceS, needs review) ||
|| wicd                   || (bare send_interfaceS, needs review, allows everyone to configure the network?) ||