Bug 146765 - CAN-2005-0201 dbus information leak
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: dbus
Version: 3
Hardware: All
OS: Linux
Priority: medium
Severity: low
Assigned To: John (J5) Palmieri
Whiteboard: impact=low,public=20050131,source=redhat
Keywords: Security
Reported: 2005-02-01 09:47 EST by Josh Bressers
Modified: 2013-03-13 00:47 EDT (History)
Doc Type: Bug Fix
Last Closed: 2005-02-03 16:16:14 EST
Description Josh Bressers 2005-02-01 09:47:22 EST
This text was stolen from the freedesktop bugzilla
https://bugs.freedesktop.org/show_bug.cgi?id=2436


If I login as root and create a session bus, then login as another user, I am
able to use dbus-send to connect to root's session bus.

To reproduce:
Login as root, open a terminal, echo $DBUS_SESSION_BUS_ADDRESS, write down the
address.
Run dbus-monitor --session

Login as another user on a console, run:
env DBUS_SESSION_BUS_ADDRESS=(address written down above) dbus-send --dest=org.freedesktop.DBus --type=method_call --print-reply /org/freedesktop/DBus org.freedesktop.DBus.ListServices

The dbus-send gives a message about not being able to print the return value,
and the dbus-monitor on root's session bus shows the ListServices request coming
through.

A patch exists in the upstream bugzilla.
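The check whose absence this report describes, as an added example (not code from dbus or from this bug): a per-user UNIX-socket service has to compare the connecting peer's uid (SO_PEERCRED, Linux-only) with its owner's uid before it processes a single message, because an abstract-namespace socket like a typical session bus address has no filesystem permissions to fall back on. Function names and the constructed address are assumptions.

```python
import os
import socket
import struct


def parse_address(address):
    """Split one D-Bus address, e.g. 'unix:abstract=/tmp/dbus-X,guid=..'.

    Returns (transport, {key: value}). An 'abstract' key means the socket
    lives in the abstract namespace, where no filesystem permissions apply,
    so the daemon's own peer-uid check is the only access control.
    """
    transport, _, rest = address.partition(":")
    options = dict(item.split("=", 1) for item in rest.split(",") if item)
    return transport, options


def peer_credentials(sock):
    """Return (pid, uid, gid) of the process on the far end of a UNIX socket."""
    fmt = "3i"  # struct ucred: pid_t, uid_t, gid_t
    raw = sock.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize(fmt))
    return struct.unpack(fmt, raw)


def peer_allowed(sock, owner_uid):
    """The check missing in this bug: only the bus owner's uid may talk."""
    _pid, uid, _gid = peer_credentials(sock)
    return uid == owner_uid


def handle_connection(sock, owner_uid):
    """Reject a foreign-uid peer before reading a single message from it."""
    if not peer_allowed(sock, owner_uid):
        sock.close()
        return "rejected"
    return "accepted"


def demo():
    # Constructed local pair: both ends belong to this process (uid == getuid()).
    # Pretending the bus owner is a different uid reproduces the cross-user
    # case from the report, which the check rejects.
    server_end, client_end = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        same_user = handle_connection(server_end, os.getuid())
        other_user = handle_connection(server_end, os.getuid() + 1)
    finally:
        server_end.close()
        client_end.close()
    return same_user, other_user
```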
Comment 1 Josh Bressers 2005-02-01 09:48:42 EST
John, can you verify this note sent by Havoc

    Note that this only affects the per-user session bus. Right now I think
    we only use that for printing. So the impact is you could use this bug
    to print jobs as another user or view someone's jobs. This would not
    affect HAL or anything like that.
Comment 2 John (J5) Palmieri 2005-02-01 11:47:05 EST
Verified.  Worst that can happen is another user sends signals that print jobs
have been started or canceled (Note this is only for notification.  Other users
cannot control the print queue).  Disconnected signals are stopped at the bus
so there is no way to make eggcups crash.  Other than that there are currently
no other services that use the session bus.  I have RHEL-4, FC-3 and rawhide
patched on my local machine.  Risk is low.  I am going to start filling out errata.
Comment 3 John (J5) Palmieri 2005-02-03 16:16:14 EST
Fix went through Fedora Update procedure
