Bug 167052

Summary: CAN-2005-0201 - session bus does not restrict connections base on uid
Product: [Fedora] Fedora Reporter: John (J5) Palmieri <johnp>
Component: dbusAssignee: John (J5) Palmieri <johnp>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 4CC: jkeck, sundaram
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: 0.33-3 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-09-05 05:54:23 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description John (J5) Palmieri 2005-08-29 20:44:59 UTC 
Description of problem:

If I login as root and create a session bus, then login as another user, I am
able to use dbus-send to connect to root's session bus.

To reproduce:
Login as root, open a terminal, echo $DBUS_SESSION_BUS_ADDRESS, write down the
address.
Run dbus-monitor --session

Login as another user on a console, run:
env DBUS_SESSION_BUS_ADDRESS=(address written down above) dbus-send
--dest=org.freedesktop.DBus --type=method_call --print-reply
/org/freedesktop/DBus org.freedesktop.DBus.ListServices

The dbus-send gives a message about not being able to print the return value,
and the dbus-monitor on root's session bus shows the ListServices request coming
through.
Comment 1 John (J5) Palmieri 2005-08-29 20:46:26 UTC 
this is fgixed upstream nad waiting to be pushed for FC4
Comment 2 Fedora Update System 2005-08-30 03:25:37 UTC 
From User-Agent: XML-RPC

dbus-0.33-3.fc4.1 has been pushed for FC4, which should resolve this issue.

If these problems are still present in this version, then please re-open this bug.