| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
The requested_reply field is necessary in send denials too because
it's used in the policy language. The connection loginfo lack in
"would deny" was just an oversight.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Extend the current security logs with even more relevant
information than just the message content. This requires
some utility code to look up and cache (as a string)
the data such as the uid/pid/command when a connection is
authenticated.
Conflicts:
bus/connection.c
|
| |
|
|
|
|
|
|
|
| |
This lets us have a backwards compatibility allow rule but still easily
see when that rule is being used.
Conflicts:
bus/config-parser.c
|
| |
|
|
| |
It's part of the security check, we should have it in the log.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
We need to start logging denials so that they become more easily trackable
and debuggable.
Conflicts:
bus/bus.c
bus/config-parser-common.c
bus/config-parser-common.h
bus/config-parser.c
test/name-test/tmp-session-like-system.conf
|
| |
|
|
|
|
|
|
|
| |
The former was too reliant on old bugs and was generally unclear.
This one makes explicit exactly what is allowed and not.
Conflicts:
bus/system.conf.in
|
| |
|
|
|
|
|
| |
Our previous fix went too far towards lockdown; many things rely
on signals to work, and there's no really good reason to restrict
which signals can be emitted on the bus because we can't tie
them to a particular sender.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The previous rule <allow send_requested_reply="true"/> was actually
applied to all messages, even if they weren't a reply. This meant
that in fact the default DBus policy was effectively allow, rather
than deny as claimed.
This fix ensures that the above rule only applies to actual reply
messages.
Signed-off-by: Colin Walters <walters@verbum.org>
Conflicts:
bus/system.conf.in
|
| |
|
|
|
|
| |
The tmp-session-like-system.conf bus configuration has a security
policy intended to mirror that of the system bus. This allows
testing policy rules.
|
| | |
|
| |
|
|
| |
Extracted from trunk commit be875094.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
* CVE-2008-0595 - security policy of the type <allow send_interface=
"some.interface.WithMethods"/> work as an implicit allow for
messages sent without an interface bypassing the default deny rules
and potentially allowing restricted methods exported on the bus to be
executed by unauthorized users. This patch fixes the issue.
* bus/policy.c (bus_client_policy_check_can_send,
bus_client_policy_check_can_receive): skip messages without an
interface when evaluating an allow rule
|
| |
|
|
|
|
|
|
|
|
| |
* dbus/dbus-connection.c (close_connection_on_shutdown): new method
split out from shared_connections_shutdown
(shared_connections_shutdown): shutdown all shared connections
without guids
(_dbus_connection_ref_unlocked): handle OOM when prepending no guid
connections to the shared_connections_no_guid list
* Patch by Kimmo Hämäläinen <kimmo dot hamalainen at nokia dot com>
|
| |
|
|
|
|
|
| |
* dbus/dbus-message.c (dbus_message_get_cached)
(dbus_message_cache_or_finalize): don't mess with message from
message cache outside of the cache lock. Bug #9164 from Jonathan
Matthew.
|
| |
|
|
|
|
|
| |
* dbus/dbus-connection.c (struct DBusConnection): Fix from Olivier
Hochreutiner to avoid trying to protect individual bits in a word
with different locks (make dispatch_acquired and io_path_acquired
dbus_bool_t rather than bitfields)
|
| |
|
|
|
| |
* backport fix to allow a server to use port=0 or omit port so
the port can be auto-selected by the OS
|
| |
|
|
|
|
|
| |
* bus/Makefile.am (install-data-hook): create session.d
* bus/session.conf.in: add session.d for the session bus, so
security policy can be extended
|
| |
|
|
|
|
| |
* dbus/dbus-sysdeps-unix.c (_dbus_open_socket): fix #10781 from
Tobias Nygren, checking pointer to fd vs. 0 rather than checking
the fd itself
|
| |
|
|
|
|
|
|
|
|
|
| |
* dbus/dbus-sysdeps-unix.c: capture the dbus-launch stderr
output and add it to the DBusError message we return.
* tools/dbus-launch.1:
* tools/dbus-launch.c: Add option --close-stderr to, well,
close stderr before starting dbus-daemon.
I hope adding an option to dbus-launch in the 1.0.x series was ok.
|
| |
|
|
|
| |
* bus/dbus-daemon.1.in: write a section in the man page on running
a test daemon for debugging purposes
|
| |
|
|
|
|
|
|
|
|
| |
* bus/session.conf.in: override all the default limits with much
higher limits on the session bus, there is no reason the session
bus should have low limits
* bus/config-parser.c (bus_config_parser_new): increase default
limits so they are less likely to be hit; in particular the max
replies per connection was way too low
|
| | |
|
| | |
|
| |
|
|
|
| |
(CVE-2006-6107 - Patch from Kimmo Hämäläinen
<kimmo.hamalainen@nokia.com>)
|
| |
|
|
|
|
|
|
|
| |
* dbus/dbus-sysdeps-pthread.c (_dbus_pthread_mutex_lock,
_dbus_pthread_condvar_wait,
_dbus_pthread_condvar_wait_timeout): set pmutex->holder to
pthread_self() after coming back from a conditional variable
wait as well as in one codepath where it was forgotten.
Approved by: Havoc Pennington.
|
| |
|
|
|
|
|
| |
* update-dbus-docs.sh: allow setting fd.org username via env
variable. Make it run autogen with --enable-xml-docs=yes
--enable-doxygen-docs=yes so configure will fail if the required
tools are missing.
|
| |
|
|
| |
* doc/dbus-faq.xml: minor FAQ tweaks
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
* dbus/dbus-misc.c, dbus/dbus-misc.h: Move
dbus_get_local_machine_id() to its own file, no substantive
changes. There are a couple other things we might want to add that
are "misc" so moving out of dbus-connection.[hc] which is big
enough already.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dbus/dbus-internals.c (_dbus_generate_uuid): The spec said the
UUID had the timestamp last, but the implementation had it first;
move it to last since I think it's a tiny bit nicer (easier to
compare at a glance, faster to sort, less code), and will not
cause any practical compatibility problems. Also, always convert
the timestamp to big endian.
* doc/dbus-specification.xml: Clean up the docs on the UUID.
* tools/dbus-uuidgen.1: more prominently say it is not suitable
as a replacement for regular uuidgen/RFC4122.
|
| |
|
|
|
|
|
|
|
| |
* dbus/dbus-threads.h: fix DBUS_THREAD_FUNCTIONS_ALL_MASK to have
the correct value so we don't assert when initalizing recursive threads
* test/name-test/test-thread-init.c: call dbus_threads_init_default
instead of _dbus_threads_init_debug since it is more of a real world
test
|
| | |
|
| |
|
|
| |
* AUTHORS: added Peter and Tor of windows porting fame
|
| |
|
|
|
|
|
| |
* doc/dbus-specification.xml: add a note about protocol stability
* doc/TODO: Remove "important for 1.0" section, replace with
"important for 1.2" section
|
| | |
|
| |
|
|
| |
* doc/TODO: Remove todo items which are done
|
| |
|
|
| |
(Patch from Olli Salli <olli dot salli at collabora dot co dot uk>)
|
| |
|
|
| |
(Patch from Olli Salli <olli dot salli at collabora dot co dot uk>)
|
| | |
|
| |
|
|
| |
(Patch from Olli Salli <olli dot salli at collabora dot co dot uk>)
|
| | |
|
| |
|
|
|
|
|
| |
* HACKING: Update release instructions to include stuff about
stable releases, branching, etc. May not be totally correct,
please fix if needed, but keep instructions up-to-date so we do
each stable release consistently in the future.
|
| |
|
|
|
|
| |
* doc/dbus-specification.xml, doc/dbus-faq.xml, README: various
documentation updates. Bump faq/spec versions (not to 1.0; I don't
think the spec will be "finished"/1.0 when we ship the 1.0 library).
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
the directory as it may not exist
|
