ubuntu-x-swat team mailing list archive

[Bug 575724] [NEW] /etc/dbus-1/system.d/xserver-xorg.conf allows D-BUS interfaces on all objects

 

*** This bug is a security vulnerability ***

Public security bug reported:

Binary package hint: xorg

In Lucid (xserver-xorg1:7.5+5ubuntu1), /etc/dbus-1/system.d/xserver-xorg.conf
reads:

<busconfig>
        <policy context="default">
                <allow own="org.x.config.display0"/>
                <allow send_destination="org.x.config.display0"/>
                <allow send_interface="org.x.config.display0"/>
                <allow own="org.x.config.display1"/>
                <allow send_destination="org.x.config.display1"/>
                <allow send_interface="org.x.config.display1"/>
                <allow own="org.x.config.display2"/>
                <allow send_destination="org.x.config.display2"/>
                <allow send_interface="org.x.config.display2"/>
        </policy>
</busconfig>


If I'm not mistaken, this is plain wrong, because the 'send_interface' lines will allow any sender to talk to any destination. From e.g. bug 318753 (The D-Bus policy needs checking!):
    *IMPORTANT* you MUST include send_destination on ALL allow or deny
    tags. Omitting it is a SERIOUS bug!

                <!-- !! SERIOUS BUG !! -->
                <allow send_interface="x.y.z" />

        This allows any service to receive method calls of the given
        interface, not just your own service!

        It also implicitly allows any service to receive method calls
        with no interface specified, in case they match this interface!

        Using the above means you are potentially allowing exploiting of
        a different service. DO NOT DO IT!


So I'd say the file should be changed to:
<busconfig>
        <policy context="default">
                <allow own="org.x.config.display0"/>
                <allow send_destination="org.x.config.display0"
                           send_interface="org.x.config.display0"/>
                <allow own="org.x.config.display1"/>
                <allow send_destination="org.x.config.display1"
                           send_interface="org.x.config.display1"/>
                <allow own="org.x.config.display2"/>
                <allow send_destination="org.x.config.display2"
                           send_interface="org.x.config.display2"/>
        </policy>
</busconfig>

Not sure this has actual consequences currently, but better check this.
Or maybe I'm just on crack...

** Affects: xorg (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: dbus-policy

** Visibility changed to: Public

** Tags added: dbus-policy

-- 
/etc/dbus-1/system.d/xserver-xorg.conf allows D-BUS interfaces on all objects
https://bugs.launchpad.net/bugs/575724
You received this bug notification because you are a member of Ubuntu-X,
which is subscribed to xorg in ubuntu.
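
An added example, not part of the original bug report or of the xorg package: a Python check that parses a D-Bus busconfig policy and reports every <allow> rule that names send_interface without send_destination, which is the pattern the report describes. The sample policies are constructed copies of the reported and proposed rules for display0 only, and the function name unscoped_allows is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the policy quoted in the report (display0 only) and the
# form the reporter proposes instead.
REPORTED = """<busconfig>
  <policy context="default">
    <allow own="org.x.config.display0"/>
    <allow send_destination="org.x.config.display0"/>
    <allow send_interface="org.x.config.display0"/>
  </policy>
</busconfig>"""

PROPOSED = """<busconfig>
  <policy context="default">
    <allow own="org.x.config.display0"/>
    <allow send_destination="org.x.config.display0"
           send_interface="org.x.config.display0"/>
  </policy>
</busconfig>"""


def unscoped_allows(policy_xml):
    """Return (policy scope, rule attributes) for every <allow> rule that
    matches on send_interface but does not also pin send_destination."""
    findings = []
    root = ET.fromstring(policy_xml)
    for policy in root.iter("policy"):
        # A policy is selected by context=, user=, group= or at_console=.
        scope = ", ".join(f"{k}={v}" for k, v in sorted(policy.attrib.items()))
        for rule in policy.iter("allow"):
            attrs = rule.attrib
            if "send_interface" in attrs and "send_destination" not in attrs:
                findings.append((scope, dict(attrs)))
    return findings


if __name__ == "__main__":
    for name, text in (("reported", REPORTED), ("proposed", PROPOSED)):
        hits = unscoped_allows(text)
        print(f"{name}: {len(hits)} unscoped allow rule(s)")
        for scope, attrs in hits:
            print(f"  policy[{scope}] <allow {attrs}>")
```

To audit an installed system, pass the text of each file under /etc/dbus-1/system.d/ to the function instead of the embedded samples.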


