diff options
| author | Colin Walters <walters@verbum.org> | 2009-01-21 14:58:49 -0500 |
|---|---|---|
| committer | Colin Walters <walters@verbum.org> | 2009-01-21 14:58:49 -0500 |
| commit | c3aa52d20e7f97202fc9f421f8965c050a8049a7 (patch) | |
| tree | 542fa635c57d2fa7c2a11f93b2ebfcd55ab6a861 | |
| parent | c4d93c33280be50267eeccdad8a64f69f841f107 (diff) | |
| download | dbus-c3aa52d20e7f97202fc9f421f8965c050a8049a7.tar.gz | |
Bug 18229 - Change system.conf to correctly deny non-reply sends by default
The previous rule <allow send_requested_reply="true"/> was actually
applied to all messages, even if they weren't a reply. This meant
that in fact the default DBus policy was effectively allow, rather
than deny as claimed.
This fix ensures that the above rule only applies to actual reply
messages.
Signed-off-by: Colin Walters <walters@verbum.org>
Conflicts:
bus/system.conf.in
| -rw-r--r-- | bus/system.conf.in | 14 | ||||
| -rw-r--r-- | test/name-test/tmp-session-like-system.conf | 4 |
2 files changed, 12 insertions, 6 deletions
diff --git a/bus/system.conf.in b/bus/system.conf.in index 287efc9f..a96dd251 100644 --- a/bus/system.conf.in +++ b/bus/system.conf.in @@ -44,9 +44,19 @@ even if they aren't in here --> <allow send_destination="org.freedesktop.DBus"/> <allow receive_sender="org.freedesktop.DBus"/> - <!-- valid replies are always allowed --> - <allow send_requested_reply="true"/> + <!-- allow sending valid replies --> + <allow send_requested_reply="true" send_type="method_return"/> + <allow send_requested_reply="true" send_type="error"/> + <!-- allow receiving valid replies --> <allow receive_requested_reply="true"/> + <!-- Note: the rule above also allows receiving of all non-reply messages + that are not denied later. See: + https://bugs.freedesktop.org/show_bug.cgi?id=18229 + Potentially this will be replaced in the future by the + following two rules: + <allow receive_requested_reply="true" receive_type="method_return"/> + <allow receive_requested_reply="true" receive_type="error"/> + --> </policy> <!-- Config files are placed here that among other things, punch diff --git a/test/name-test/tmp-session-like-system.conf b/test/name-test/tmp-session-like-system.conf index e483c89b..1cbc95c5 100644 --- a/test/name-test/tmp-session-like-system.conf +++ b/test/name-test/tmp-session-like-system.conf @@ -8,10 +8,6 @@ <!-- Our well-known bus type, don't change this --> <type>session</type> - <!-- If we fork, keep the user's original umask to avoid affecting - the behavior of child processes. --> - <keep_umask/> - <listen>unix:tmpdir=/tmp</listen> <standard_session_servicedirs /> |