Bug 146766 - CAN-2005-0201 dbus information leak
Summary: CAN-2005-0201 dbus information leak
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: dbus
Version: 4.0
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: John (J5) Palmieri
QA Contact:
Whiteboard: impact=low,public=20050131,source=redhat
Keywords: Security
Depends On:
Reported: 2005-02-01 14:49 UTC by Josh Bressers
Modified: 2013-03-13 04:47 UTC (History)

Clone Of:
Last Closed: 2005-06-08 15:00:24 UTC

Attachments
Patch from upstream makes the bus only allow messages if sent from the session's uid (1.16 KB, patch)
2005-02-01 18:47 UTC, John (J5) Palmieri

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2005:102 low SHIPPED_LIVE Low: dbus security update. 2005-06-08 04:00:00 UTC

Description Josh Bressers 2005-02-01 14:49:17 UTC
*** This bug has been split off bug 146765 ***

------- Original comment by Josh Bressers (Security Response Team) on 2005.02.01 09:47 -------

This text was stolen from the freedesktop bugzilla

If I login as root and create a session bus, then login as another user, I am
able to use dbus-send to connect to root's session bus.

To reproduce:
Login as root, open a terminal, echo $DBUS_SESSION_BUS_ADDRESS, write down the
Run dbus-monitor --session

Login as another user on a console, run:
env DBUS_SESSION_BUS_ADDRESS=(address written down above) dbus-send --dest=org.freedesktop.DBus --type=method_call --print-reply /org/freedesktop/DBus org.freedesktop.DBus.ListServices

The dbus-send gives a message about not being able to print the return value,
and the dbus-monitor on root's session bus shows the ListServices request coming

A patch exists in the upstream bugzilla.

Comment 1 John (J5) Palmieri 2005-02-01 18:47:55 UTC
Created attachment 110510 [details]
Patch from upstream makes the bus only allow messages if sent from the session's uid

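The attached upstream patch is summarised as making the bus accept messages only from the session's own uid. The following is an added illustration of that class of check, written for this page and not taken from the dbus patch or the dbus code base: a server holding an AF_UNIX socket asks the kernel for the connecting peer's credentials (Linux SO_PEERCRED) and refuses the connection when the peer uid differs from the uid that owns the session. The function names (peer_uid, authorize_peer, demo) are assumptions for this example, and the socketpair in demo stands in for a real client connecting to the bus socket; the "other uid" case is constructed by passing getuid()+1 as the expected session uid.

```c
#define _GNU_SOURCE          /* needed for struct ucred on glibc */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>

/* Ask the kernel who is on the other end of a connected AF_UNIX socket.
 * Returns the peer's uid, or (uid_t)-1 if the credentials cannot be read. */
uid_t peer_uid(int fd) {
    struct ucred cred;
    socklen_t len = sizeof(cred);
    memset(&cred, 0, sizeof(cred));
    if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cred, &len) != 0)
        return (uid_t)-1;
    return cred.uid;
}

/* Policy check for a per-user session bus: only the uid that owns the
 * session may talk to it. Any error reading credentials fails closed. */
int authorize_peer(int fd, uid_t session_uid) {
    uid_t uid = peer_uid(fd);
    if (uid == (uid_t)-1)
        return 0;
    return uid == session_uid;
}

/* Demonstration: a socketpair stands in for a client that has connected to
 * the bus socket. Both ends belong to this process, so the peer uid is our
 * own uid; comparing against getuid()+1 simulates a session owned by
 * another user (constructed case). Returns 1 when the policy behaves as
 * intended (same uid accepted, different uid rejected), 0 otherwise, -1 on
 * setup failure. */
int demo(void) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    int same_uid_ok  = authorize_peer(sv[1], getuid());
    int other_uid_ok = authorize_peer(sv[1], getuid() + 1);
    close(sv[0]);
    close(sv[1]);
    return same_uid_ok && !other_uid_ok;
}

int main(void) {
    int rc = demo();
    if (rc < 0) {
        perror("socketpair");
        return 1;
    }
    printf("same-uid peer accepted, other-uid peer rejected: %s\n",
           rc ? "yes" : "no");
    return rc ? 0 : 1;
}
```

With such a check in place, a client that learned another user's DBUS_SESSION_BUS_ADDRESS would still connect at the socket level but would be refused before any method call such as ListServices is answered, which is the behaviour the bug report asks for. SO_PEERCRED reports the credentials at connect time, so the check belongs at connection setup, before any message is processed.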
Comment 2 Tim Powers 2005-06-08 15:00:24 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

