[arch-dev-public] Dbus on archlinux and permissions
Thomas Bächler
thomas at archlinux.org
Mon Mar 9 04:31:28 EDT 2009
Jan de Groot schrieb:
> As soon as
> it's moved into core, I would like to add the non-permissive version to
> testing and see what breaks. Doing so, we can close down this security
> leak in dbus and have all affected services fixed.
I think we can start closing down services even now, as the new dbus
gives you several warnings (from auth.log):
Mar 9 09:27:23 artin dbus-daemon: Would reject message, 1 matched
rules; type="method_call", sender=":1.11" (uid=1000 pid=4903 comm="kded4
") interface="org.freedesktop.Hal.Device.CPUFreq"
member="GetCPUFreqAvailableGovernors" error name="(unset)"
requested_reply=0 destination="org.freedesktop.Hal" (uid=0 pid=4373
comm="/usr/sbin/hald "))
I can post a complete list if these are useful in any way.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
URL: <http://www.archlinux.org/pipermail/arch-dev-public/attachments/20090309/5f40c486/attachment.pgp>
More information about the arch-dev-public
mailing list