On Mon, 05 Jan 2009 at 07:20:13 +1000, Kel Modderman wrote: > On Monday 05 January 2009 06:56:08 Simon McVittie wrote: > > Package: wpasupplicant > > Version: 0.6.4-3 > > Severity: normal > > User: [email protected] > > Usertags: fdo-18961 > > > > wpasupplicant's D-Bus system.d config should be updated to fix > > non-deterministic allow/deny for messages with no interface; the D-Bus > > upstream recommendation seems to be that every allow or deny rule with > > send_interface="..." should have a suitable send_destination attribute too. > > > > In this case, this would make them redundant with the lines matching > > send_destination="...", so they can just be removed (see > > http://bugzilla.gnome.org/show_bug.cgi?id=563730 for the equivalent > > changes to NetworkManager). > > > > http://bugs.freedesktop.org/show_bug.cgi?id=18961 is the D-Bus bug tracking > > this; there have also been discussions on the D-Bus mailing list. > > > > Regards from the Cambridge BSP, > > Simon > > > > Is this different to #510652 ?
Sorry for the duplicate, I've spent today in a maze of D-Bus policy and missed the previous bug I filed... This is not RC for lenny, and indeed probably shouldn't be fixed in sid while still frozen. I believe the necessary change is to remove the lines mentioning send_interface, like this: <!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd";> <busconfig> <policy user="root"> <allow own="fi.epitest.hostap.WPASupplicant"/> <allow send_destination="fi.epitest.hostap.WPASupplicant"/> - <allow send_interface="fi.epitest.hostap.WPASupplicant"/> </policy> <policy group="netdev"> <allow send_destination="fi.epitest.hostap.WPASupplicant"/> - <allow send_interface="fi.epitest.hostap.WPASupplicant"/> </policy> <policy context="default"> <deny own="fi.epitest.hostap.WPASupplicant"/> <deny send_destination="fi.epitest.hostap.WPASupplicant"/> - <deny send_interface="fi.epitest.hostap.WPASupplicant"/> </policy> </busconfig> However, please test with the new dbus (<http://people.debian.org/~smcv/dbus-cve-2008-4311/>, or 1.2.8 from experimental, or the upcoming 1.2.1-5 from sid/lenny, or something else with CVE-2008-4311 fixed) before uploading changes to these policy files. To be honest, a large part of the purpose of filing these bugs was in case we had to upgrade them to RC later, but wpasupplicant seems to work OK. Regards, Simon
signature.asc
Description: Digital signature
