Bug 145993 - default pin used instead of asking user
default pin used instead of asking user
Product: Fedora
Classification: Fedora
Component: bluez-utils (Show other bugs)
All Linux
medium Severity high
: ---
: ---
Assigned To: David Woodhouse
Depends On:
  Show dependency treegraph
Reported: 2005-01-24 11:35 EST by Toni Willberg
Modified: 2007-11-30 17:10 EST (History)
1 user (show)

See Also:
Fixed In Version: 2.15-1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-03-02 07:31:14 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Toni Willberg 2005-01-24 11:35:04 EST

The default pin code is used after installation. The default pin is
being read from file :

This allows unwanted people to connect to the system if they know the
default pin code. The pin seems to be shipped with the rpm package.
The default pin is alphabetical, I don't know if it's a valid pin code
according the the specs, but it's better be safe than sorry... 

Suggested changes:

 - ship empty /etc/bluetooth/pin (or no file at all)
 - verify that bluez can handle this

 - change default security mode to "user"

        # Security Manager mode
        #   none - Security manager disabled
        #   auto - Use local PIN for incoming connections
        #   user - Always ask user for a PIN
 -       security auto;
 +       security user;

 Toni Willberg
Comment 1 Andre 2005-01-28 13:16:32 EST
Same here.. kernel 2.6.10-1.741_FC3
Run gnome-bluetooth-manager (0.5.1):

(Bluetooth Device Manager:32663): GConf-CRITICAL **: file
gconf-client.c: line 547 (gconf_client_add_dir): assertion
`gconf_valid_key (dirname, NULL)' failed
** Message: inquiry_result:     bdaddr xx:xx:xx:xx:xx:xx class 520204
** Message: Already know about xx:xx:xx:xx:xx:xx, preparing for
** Message: inquiry complete
conn_request:   bdaddr xx:xx:xx:xx:xx:xx
conn_complete:  status 0x05

(bdaddr has been masked)

Never asks for a PIN.

Note You need to log in before you can comment on or make changes to this bug.