diff options
author | Laurent Bigonville <bigon@bigon.be> | 2015-07-11 11:00:04 +0200 |
---|---|---|
committer | Zeeshan Ali (Khattak) <zeeshanak@gnome.org> | 2015-08-26 12:50:56 +0100 |
commit | a5b7bbb595be04899084e39e7ddf806d5b524e28 (patch) | |
tree | 1cf93e3da6a114953e80efce8ea6be828e1f9478 /data | |
parent | d242d50f2bd058d36bece61056ce9f6a867cb42f (diff) |
agent: Only allow the geoclue user to call methods
The policy applies only to the process sending a message, not the one
receiving it. We need to be sure only the geoclue user can call the
Agent's methods.
Explanation by smvc from the bugreport:
[...]
The issue here is that every file in /etc/dbus-1/system.d applies to
everything on the system bus - there is no way to limit policies to
particular packages. So Geoclue2's policy allows any uid to call any
method on the Properties interface at the path
/org/freedesktop/GeoClue2/Agent, in *any* destination.
You might think "why would any other service have an object at
/org/freedesktop/GeoClue2/Agent?", but not all services distinguish
between object paths: those that are implemented in terms of simplistic
libdbus filters[1] typically do not.
[...]
https://bugs.freedesktop.org/show_bug.cgi?id=91214
Diffstat (limited to 'data')
-rw-r--r-- | data/org.freedesktop.GeoClue2.Agent.conf.in (renamed from data/org.freedesktop.GeoClue2.Agent.conf) | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/data/org.freedesktop.GeoClue2.Agent.conf b/data/org.freedesktop.GeoClue2.Agent.conf.in index b9824dc..5a4ec77 100644 --- a/data/org.freedesktop.GeoClue2.Agent.conf +++ b/data/org.freedesktop.GeoClue2.Agent.conf.in @@ -2,7 +2,7 @@ "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> <busconfig> - <policy context="default"> + <policy user="@dbus_srv_user@"> <allow send_interface="org.freedesktop.GeoClue2.Agent" send_path="/org/freedesktop/GeoClue2/Agent"/> <allow send_interface="org.freedesktop.DBus.Properties" |