On Mon, 2009-03-09 at 09:31 +0100, Thomas Bächler wrote:
Jan de Groot schrieb:
As soon as it's moved into core, I would like to add the non-permissive version to testing and see what breaks. Doing so, we can close down this security leak in dbus and have all affected services fixed.
I think we can start closing down services even now, as the new dbus gives you several warnings (from auth.log):
Mar 9 09:27:23 artin dbus-daemon: Would reject message, 1 matched rules; type="method_call", sender=":1.11" (uid=1000 pid=4903 comm="kded4 ") interface="org.freedesktop.Hal.Device.CPUFreq" member="GetCPUFreqAvailableGovernors" error name="(unset)" requested_reply=0 destination="org.freedesktop.Hal" (uid=0 pid=4373 comm="/usr/sbin/hald "))
I can post a complete list if these are useful in any way.
I wasn't aware of this change, but it's certainly useful. This helps us to fix permissions before we break random things by pushing a new dbus version to testing :) Please create a bugreport, assign it to me, and add all the log entries you see.