registry team mailing list archive

Thread
Date
[Bug 318746] Re: D-Bus Policy needs checking

To: registry@xxxxxxxxxxxxxxxxxxx
From: Bug Watch Updater <318746@xxxxxxxxxxxxxxxxxx>
Date: Mon, 13 Sep 2010 16:29:14 -0000
Reply-to: Bug 318746 <318746@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
Launchpad has imported 9 comments from the remote bug at
http://bugs.freedesktop.org/show_bug.cgi?id=18985.

If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.

------------------------------------------------------------------------
On 2008-12-09T12:12:30+00:00 Colin Walters wrote:

Created an attachment (id=20960)
allow introspection

Right now HAL has a lot of manual interface rules in the allow; if we're
really using PolicyKit now it seems to me we could replace all of them
with the simple:

<allow send_destination="org.freedesktop.Hal"/>

But I've chosen to attach a patch which is conservate and just
explicitly enables introspection.

Reply at: https://bugs.launchpad.net/hal/+bug/318746/comments/0

------------------------------------------------------------------------
On 2008-12-10T12:35:52+00:00 Colin Walters wrote:

Created an attachment (id=21023)
proposed hal.conf.in

Propose replacing the existing .conf.in with this upstream, moving the
other one to hal-nopolicykit.conf.in.  (Possibly add a configure
option?)

Reply at: https://bugs.launchpad.net/hal/+bug/318746/comments/1

------------------------------------------------------------------------
On 2008-12-18T13:51:00+00:00 Colin Walters wrote:

Ping on this bug - I want to do a new dbus release with logging, and
NetworkManager talking to HAL constantly warns about the KillSwitch
method.

Reply at: https://bugs.launchpad.net/hal/+bug/318746/comments/2

------------------------------------------------------------------------
On 2008-12-19T02:04:50+00:00 Richard Hughes wrote:

I think we need to discuss this upstream. I would prefer a much less
invasive patch as HAL is in effective feature freeze.

Reply at: https://bugs.launchpad.net/hal/+bug/318746/comments/3

------------------------------------------------------------------------
On 2008-12-19T08:53:02+00:00 Colin Walters wrote:

(Aren't we discussing this upstream now?)  Ok, I'll see about putting
together a targeted patch.

Reply at: https://bugs.launchpad.net/hal/+bug/318746/comments/4

------------------------------------------------------------------------
On 2008-12-19T11:27:29+00:00 Colin Walters wrote:

Created an attachment (id=21326)
allow introspection and Device.KillSwitch access

This one just allows introspection and Device.KillSwitch access.  There
may be others.

Reply at: https://bugs.launchpad.net/hal/+bug/318746/comments/5

------------------------------------------------------------------------
On 2009-01-05T07:39:06+00:00 Simon McVittie wrote:

For reference, this is Debian bug <http://bugs.debian.org/cgi-
bin/bugreport.cgi?bug=510639>; I put some notes and proposed patches
there while trying to fix it in the (older?) version used in Debian 5.0.

A perhaps-simpler way to fix NetworkManager's use of hal would be to
allow root to access all of hal's functionality, which I've proposed as
a patch to the Debian package. Since root is allowed to replace or
impersonate hal, being able to access hal seems fairly uncontroversial.

hal also has the bug tracked by
<http://bugs.freedesktop.org/show_bug.cgi?id=18961> (send_interface
without send_destination) which I've proposed as a patch; it won't apply
upstream without minor modification since I applied it after the Debian-
specific group-based access control patch, but the changes are hopefully
obvious.

According to some quick testing, gnome-power-manager (at least at the
version in Debian 5.0) also wants to access the CPUFreq interface, so
that should probably be allowed for users who are at_console (or some
other suitable access control - in Debian it's the powerdev group, but
that's Debian-specific anyway). I also suggested allowing DockStation
and WakeOnLan, which seemed in-scope for the Debian powerdev group.

Which other interfaces have I missed, that are "fairly safe" for users
with physical access?

Reply at: https://bugs.launchpad.net/hal/+bug/318746/comments/6

------------------------------------------------------------------------
On 2009-01-05T07:50:37+00:00 Simon McVittie wrote:

This also seems to be https://bugzilla.redhat.com/show_bug.cgi?id=476043

Reply at: https://bugs.launchpad.net/hal/+bug/318746/comments/7

------------------------------------------------------------------------
On 2009-01-29T06:37:18+00:00 Danny Kukawka wrote:

It should be fixed now in git master.

Check: http://cgit.freedesktop.org/hal/tree/hal.conf.in

Reply at: https://bugs.launchpad.net/hal/+bug/318746/comments/10


** Changed in: hal
   Importance: Unknown => Medium

** Bug watch added: freedesktop.org Bugzilla #18961
   http://bugs.freedesktop.org/show_bug.cgi?id=18961

** Bug watch added: Red Hat Bugzilla #476043
   https://bugzilla.redhat.com/show_bug.cgi?id=476043

-- 
D-Bus Policy needs checking
https://bugs.launchpad.net/bugs/318746
You received this bug notification because you are a member of Registry
Administrators, which is the registrant for Debian.