Package: dnsmasq
Version: 2.57-1
Severity: normal
Tags: patch
Default policy from dnsmasq specific dbus configuration file only allows root
user to own or send messages associated with dnsmasq interface. Debian dnsmasq
daemon connects to dbus as root before changing to user 'dnsmasq'. As such
dnsmasq is able to start up and take ownership of the interface with the
default policy, but subsequent response messages (error messages) will be
denied as they will come from the UID of the 'dnsmasq' user.
Recommend policy be added to allow 'dnsmasq' user to own and send messages
through dnsmasq interface with the following patch:
--- ./a/etc/dbus-1/system.d/dnsmasq.conf 2011-02-18 13:20:36.000000000
-0500
+++ ./b/etc/dbus-1/system.d/dnsmasq.conf 2011-07-21 13:19:08.054660524
-0400
@@ -6,6 +6,10 @@
<allow own="uk.org.thekelleys.dnsmasq"/>
<allow send_destination="uk.org.thekelleys.dnsmasq"/>
</policy>
+ <policy user="dnsmasq">
+ <allow own="uk.org.thekelleys.dnsmasq"/>
+ <allow send_destination="uk.org.thekelleys.dnsmasq"/>
+ </policy>
<policy context="default">
<deny own="uk.org.thekelleys.dnsmasq"/>
<deny send_destination="uk.org.thekelleys.dnsmasq"/>
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.39-2-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages dnsmasq depends on:
ii adduser 3.113 add and remove users and groups
ii dnsmasq-base 2.57-1 A small caching DNS proxy and DHCP
ii netbase 4.46 Basic TCP/IP networking system
dnsmasq recommends no packages.
Versions of packages dnsmasq suggests:
ii resolvconf 1.58 name server information handler
-- Configuration Files:
/etc/dbus-1/system.d/dnsmasq.conf changed [not included]
/etc/dnsmasq.conf changed [not included]
-- no debconf information
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
