Bug 146765
Summary: | CAN-2005-0201 dbus information leak | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Josh Bressers <bressers> |
Component: | dbus | Assignee: | John (J5) Palmieri <johnp> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | medium | ||
Version: | 3 | CC: | jkeck |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | impact=low,public=20050131,source=redhat | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Last Closed: | 2005-02-03 21:16:14 UTC | Type: | --- |
Description
Josh Bressers
2005-02-01 14:47:22 UTC
John, can you verify this note sent by Havoc:

Note that this only affects the per-user session bus. Right now I think we only use that for printing. So the impact is you could use this bug to print jobs as another user or view someone's jobs. This would not affect HAL or anything like that.

Verified. Worst that can happen is another user sends signals that print jobs have been started or canceled (Note this is only for notification. Other users cannot control the print queue). Disconnected signals are stopped at the bus so there is no way to make eggcups crash. Other than that there are currently no other services that use the session bus.

I have RHEL-4, FC-3 and rawhide patched on my local machine. Risk is low. I am going to start filling out errata.

Fix went through Fedora Update procedure.