On Wed, 07 Jan 2009 at 14:45:37 -0500, Colin Walters wrote:
> On Wed, Jan 7, 2009 at 2:17 PM, Simon McVittie
> <simon.mcvit...@collabora.co.uk> wrote:
> >
> >> Unfortunately they don't have a well known service name nor object path,
> >> agents are user-registered
> >
> > Never mind. We have a lot of these rules in the archive anyway
> > (http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=pkg-utopia-maintain...@lists.alioth.debian.org&tag=fdo-18961)
> > and as far as I can tell it's not a release-critical bug, particularly
> > as an <allow> rule... so leave it like that unless D-Bus upstream can
> > explain something better.
> 
> What's the scenario exactly?  I had thought the <allow
> send_destination="org.bluez"/> was sufficient for bluetooth; is that
> not the case?

As far as I can tell, BlueZ agents work like this:

* the agent (a UI process run by a user) calls a method on the hci daemon (run
  by root) and passes in its unique name and its (arbitrary) object path
* later, the hci daemon calls a method on the agent

so the only thing that can be relied on is that when the hci daemon calls
the method, it's on the org.bluez.Agent interface!

Mitigating factor: the hci daemon runs as root, so only root needs
permission to call arbitrary methods from the Agent interface on
arbitrary processes at arbitrary object paths, and root can ptrace or
impersonate hcid (or indeed dbus-daemon) anyway.

    Simon
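
As an added example (not part of the original message, and not BlueZ or D-Bus project code), this Python check lists policy rules that match on `send_interface` with no `send_destination`, the kind of rule discussed above, together with the `<policy>` scope that is the only thing limiting them. The sample policy and the `org.example.Callback` interface are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy (not BlueZ's shipped file): one rule scoped by
# destination, one by interface only under user="root", and one by interface
# only in the default context.
SAMPLE_POLICY = """\
<busconfig>
  <policy user="root">
    <allow own="org.bluez"/>
    <allow send_interface="org.bluez.Agent"/>
  </policy>
  <policy context="default">
    <allow send_destination="org.bluez"/>
    <allow send_interface="org.example.Callback"/>
  </policy>
</busconfig>
"""

def policy_scope(policy):
    """Return the selector of a <policy> element, e.g. 'user=root'."""
    for attr in ("user", "group", "context", "at_console"):
        if attr in policy.attrib:
            return f"{attr}={policy.attrib[attr]}"
    return "unscoped"

def interface_only_rules(xml_text):
    """List (scope, action, interface) for send rules with no destination.

    Such a rule matches messages to any process at any object path, so the
    enclosing <policy> scope is the only thing limiting who may send them.
    """
    findings = []
    root = ET.fromstring(xml_text)
    for policy in root.iter("policy"):
        scope = policy_scope(policy)
        for rule in policy:
            if rule.tag not in ("allow", "deny"):
                continue
            attrs = rule.attrib
            if "send_interface" in attrs and "send_destination" not in attrs:
                findings.append((scope, rule.tag, attrs["send_interface"]))
    return findings

if __name__ == "__main__":
    for scope, action, iface in interface_only_rules(SAMPLE_POLICY):
        note = "limited to root" if scope == "user=root" else "REVIEW: not limited to root"
        print(f"{action} send_interface={iface} in policy {scope}: {note}")
```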
