Bug 145993

Summary: default pin used instead of asking user
Product: [Fedora] Fedora
Reporter: Toni Willberg <toniw>
Component: bluez-utils
Assignee: David Woodhouse <dwmw2>
Status: CLOSED ERRATA
Severity: high
Priority: medium
Version: 3
CC: ajongerden
Hardware: All   
OS: Linux   
Fixed In Version: 2.15-1
Doc Type: Bug Fix
Last Closed: 2005-03-02 12:31:14 UTC

Description Toni Willberg 2005-01-24 16:35:04 UTC
bluez-utils-2.10-2

The default pin code is used after installation. The default pin is
being read from file:
 /etc/bluetooth/pin

This allows unwanted people to connect to the system if they know the
default pin code. The pin seems to be shipped with the rpm package.
The default pin is alphabetical, I don't know if it's a valid pin code
according to the specs, but it's better to be safe than sorry...


Suggested changes:

1)
 - ship empty /etc/bluetooth/pin (or no file at all)
 - verify that bluez can handle this

2)
 - change default security mode to "user"

 /etc/bluetooth/hcid.conf:
        # Security Manager mode
        #   none - Security manager disabled
        #   auto - Use local PIN for incoming connections
        #   user - Always ask user for a PIN
        #
 -       security auto;
 +       security user;
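
Review bot: the "+ security user;" line changes only the mode, so the packaged /etc/bluetooth/pin stays installed and is used again as soon as the setting is put back to "auto", which the comment block describes as "Use local PIN for incoming connections". Suggest applying this together with item 1 (empty or absent pin file) rather than as an alternative, and extending the "auto" comment line to name /etc/bluetooth/pin as the file it depends on.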


Yours,
 Toni Willberg
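
A check for the condition reported above (security auto combined with a stored PIN), as an added example that is not part of the original report or of bluez-utils. The function names, messages and exit codes are this example's own; the default paths are the two named in the report.

```sh
#!/bin/sh
# Added example: checks for the condition described in this report.
# Exit codes and messages are this example's own, not bluez output.

# Print the active "security" mode from an hcid.conf-style file.
# Text after '#' is ignored; if the directive appears more than once,
# the last one is reported (assumption about precedence).
hcid_security_mode() {
    sed -e 's/#.*//' "$1" 2>/dev/null |
        awk '$1 == "security" { m = $2; sub(/;.*/, "", m); mode = m }
             END { if (mode != "") print mode }'
}

# Returns 0 = no stored PIN in use, 1 = stored PIN answers pairing,
# 2 = needs manual review.
audit_bluez_pin() {
    conf=${1:-/etc/bluetooth/hcid.conf}
    pin=${2:-/etc/bluetooth/pin}
    mode=$(hcid_security_mode "$conf")
    case "$mode" in
        auto)
            # auto: "Use local PIN for incoming connections"
            if [ -s "$pin" ]; then
                echo "RISK: security auto and $pin is not empty"
                return 1
            fi
            echo "OK: security auto, but no PIN stored in $pin"
            ;;
        user)
            echo "OK: security user (always ask user for a PIN)"
            ;;
        none)
            echo "REVIEW: security none (security manager disabled)"
            return 2
            ;;
        *)
            echo "REVIEW: no usable security directive in $conf"
            return 2
            ;;
    esac
}
```

A non-empty pin file may hold an administrator-chosen PIN rather than the packaged one; on an RPM system, rpm -Vf /etc/bluetooth/pin lists the file only if it differs from what the package shipped.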

Comment 1 Andre 2005-01-28 18:16:32 UTC
Same here.. kernel 2.6.10-1.741_FC3
Run gnome-bluetooth-manager (0.5.1):

<log>
(Bluetooth Device Manager:32663): GConf-CRITICAL **: file
gconf-client.c: line 547 (gconf_client_add_dir): assertion
`gconf_valid_key (dirname, NULL)' failed
** Message: inquiry_result:     bdaddr xx:xx:xx:xx:xx:xx class 520204
** Message: Already know about xx:xx:xx:xx:xx:xx, preparing for
rediscovery
** Message: inquiry complete
conn_request:   bdaddr xx:xx:xx:xx:xx:xx
conn_complete:  status 0x05
</log>

(bdaddr has been masked)

Never asks for a PIN.