Bug#510657: sugar: /etc/dbus-1/system.d file needs alterations for fd.o #18961

[Simon McVittie]

On Sun, 04 Jan 2009 at 17:05:56 +0100, Jonas Smedegaard wrote:
> On Sun, Jan 04, 2009 at 02:57:48PM +0000, Simon McVittie wrote:
> >On Sun, 04 Jan 2009 at 04:12:08 +0100, Jonas Smedegaard wrote:
> >> Ok, I read the fd.org bugreport. But I fail to understand what is 
> >> wrong and should be fixed with 
> >> /etc/dbus-1/system.d/NetworkManagerInfo.conf - it seems to me that 
> >> all entries contain both send_interface and send_destination as 
> >> described in that bugreport.
> >
> ><allow send_foo="a"/> <allow send_bar="b"/> allows anything where
> >foo=a *or* bar=b.
> >
> ><allow send_foo="a" send_bar="b"/> allows anything where foo=a *and* bar=b.
> 
> I recognize none of above patterns in the sugar package.

On a lenny system with sugar freshly installed, I get the former pattern
with foo=destination, bar=interface, a=b=org.freedesktop.NetworkManagerInfo:

% cat /etc/dbus-1/system.d/NetworkManagerInfo.conf
...
        <policy user="root">
                <allow own="org.freedesktop.NetworkManagerInfo"/>

                <allow send_destination="org.freedesktop.NetworkManagerInfo"/>
                <allow send_interface="org.freedesktop.NetworkManagerInfo"/>
        </policy>
...
% dpkg -S /etc/dbus-1/system.d/NetworkManagerInfo.conf
sugar: /etc/dbus-1/system.d/NetworkManagerInfo.conf
% dpkg -s sugar | grep '^Version'
Version: 0.81.4-1

Each <policy> should probably look more like this:

        <policy user="root">
                <allow own="org.freedesktop.NetworkManagerInfo"/>
                <allow send_destination="org.freedesktop.NetworkManagerInfo"/>
        </policy>

or equivalently but with unnecessary verbosity, this:

        <policy user="root">
                <allow own="org.freedesktop.NetworkManagerInfo"/>
                <allow send_destination="org.freedesktop.NetworkManagerInfo"/>
                <allow send_destination="org.freedesktop.NetworkManagerInfo"
                       send_interface="org.freedesktop.NetworkManagerInfo"/>
        </policy>

I've uploaded a (source + i386) version of dbus targeted for lenny
to <http://people.debian.org/~smcv/dbus-cve-2008-4311/> - amd64 binaries to
follow soon. Please try out sugar's NetworkManager integration with that
version and make sure it can still work.

    Simon

signature.asc
Description: Digital signature