On Wed, Jul 13, 2016 at 10:41 AM, Zhang Enwei <enwei.zh...@canonical.com> wrote:
> I am now investigating if org.freedesktop.DBus.GetConnectionUnixProcessID > is supported in go-dbus. > If it is supported, we can use pid to get the name of the process or path > of the binary. > > -- > You received this bug notification because you are a bug assignee. > https://bugs.launchpad.net/bugs/1433590 > > Title: > apparmor dbus denial for org.freedesktop.Accounts and make Other > vibrations work > > Status in Canonical System Image: > Triaged > Status in apparmor-easyprof-ubuntu package in Ubuntu: > Fix Released > Status in ubuntu-system-settings package in Ubuntu: > Confirmed > Status in ubuntu-ui-toolkit package in Ubuntu: > Confirmed > Status in usensord package in Ubuntu: > Confirmed > > Bug description: > This affects vivid and (somewhat recently?) 14.09. > > At some point, apps started to request access to > org.freedesktop.Accounts for something, but I'm not sure what. It has > been conjectured in this bug that it is due to vibration settings. > Filing against ubuntu-system-settings for now, but please feel free to > move to the correct package. > > This happens with webapps: > Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" > operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" > interface="org.freedesktop.DBus.Introspectable" member="Introspect" > mask="send" name="org.freedesktop.Accounts" pid=2632 > profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" > peer_pid=1596 peer_profile="unconfined" > Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED" > operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" > interface="org.freedesktop.Accounts" member="FindUserById" mask="send" > name="org.freedesktop.Accounts" pid=2632 > profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0.26" > peer_pid=1596 peer_profile="unconfined" > > and QML apps: > Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" > operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" > interface="org.freedesktop.DBus.Introspectable" member="Introspect" > mask="send" name="org.freedesktop.Accounts" pid=3377 > profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 > peer_profile="unconfined" > Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED" > operation="dbus_method_call" bus="system" path="/org/freedesktop/Accounts" > interface="org.freedesktop.Accounts" member="FindUserById" mask="send" > name="org.freedesktop.Accounts" pid=3377 > profile="com.ubuntu.calculator_calculator_1.3.339" peer_pid=1596 > peer_profile="unconfined" > > The following rules allow the requested access: > dbus (send) > bus=system > path="/org/freedesktop/Accounts" > interface="org.freedesktop.DBus.{Introspectable,Properties}" > member=Introspect > peer=(name=org.freedesktop.Accounts,label=unconfined), > dbus (send) > bus=system > path="/org/freedesktop/Accounts" > interface="org.freedesktop.Accounts" > member=FindUserById > peer=(name=org.freedesktop.Accounts,label=unconfined), > dbus (send) > bus=system > path="/org/freedesktop/Accounts/User[0-9]*" > interface="org.freedesktop.DBus.Properties" > member=Get > peer=(name=org.freedesktop.Accounts,label=unconfined), > > However, the above is too lenient and constitutes a privacy leak for > apps. FindUserById could be used by a malicious app to enumerate > usernames on multiuser systems and because we can't mediate method > data with apparmor, the Get() method can be used to obtain any > information provided by this interface. > > The following can be used to see what can be leaked to a malicious app: > gdbus introspect --system -d org.freedesktop.Accounts -o > /org/freedesktop/Accounts/User`id -u phablet` > > This can be solved in a couple of ways: > 1. add whatever information the app is trying to access to a new helper > service that only exposes things that the app needs. This could be a single > standalone service, perhaps something from ubuntu-system-settings, that > could expose any number of things-- the current locale, if the locale > changed, if the grid units changed, the vibration settings, etc. Since this > service wouldn't have any sensitive information, you could use standard > dbus properties/Get()/etc > 2. add a new dbus API to an existing service such that apparmor rules > can then be used to allow by method (eg, GetVibration() or something) > > I won't dictate the implementation except to mention that '1' seems > like something generally useful and I believe that it was something > the ubuntu-system-settings devs were already looking at for detecting > locale changes without rebooting. > > > Original description > starting an app in vivid (image 135 on arale currently) > > produces a bunch of dbus denials in syslog ... (there is also a > /dev/tty one but i think this is just because soemthing tries to write > an error to console ... so transient) > > http://paste.ubuntu.com/10620834/ > > To manage notifications about this bug go to: > > https://bugs.launchpad.net/canonical-devices-system-image/+bug/1433590/+subscriptions > -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1433590 Title: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work To manage notifications about this bug go to: https://bugs.launchpad.net/canonical-devices-system-image/+bug/1433590/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
