Bug 177880 - User crashes system dbus with red hat example
User crashes system dbus with red hat example
Product: Fedora
Classification: Fedora
Component: dbus (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: David Zeuthen
: Security
Depends On:
  Show dependency treegraph
Reported: 2006-01-15 21:25 EST by Nick Lamb
Modified: 2013-03-05 22:44 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-11-05 16:01:39 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Crash system dbus as a user. (478 bytes, text/x-python)
2006-06-02 04:24 EDT, Andreas Øye
no flags Details

  None (edit)
Description Nick Lamb 2006-01-15 21:25:53 EST
Description of problem:

The example provided for manipulating BIND (named) with dbus crashes the system
message bus. This is both a crash and an example of elevated privilege (users
should not have enough privileges to crash system daemons), hence severity
SECURITY. The socket used to contact the messagebus is world writeable, so
anyone with user privileges can potentially crash the bus.

Version-Release number of selected component (if applicable):

dbus 0.33-3.fc4.1
bind 9.3.1-14_FC4

How reproducible:

Happens every time on this machine.

Steps to Reproduce:
1. As an ordinary user run the command

dbus-send --system --type=method_call --print-reply --dest=com.redhat.named
/foo/bar/baz foo.bar.baz

This command is simplified from the example provided in README.DBUS with the
Fedora Core BIND 9.3.1 documentation, which has the same results.

Actual results:

System dbus-daemon crashes, if it is run with --nofork to capture errors, the
output is:

2879: assertion failed "table->key_type == DBUS_HASH_STRING" file "dbus-hash.c"
line 1269 function _dbus_hash_table_remove_string

Expected results:

dbus-daemon should not crash.
Comment 1 Andreas Øye 2006-06-02 04:24:16 EDT
Created attachment 130385 [details]
Crash system dbus as a user. 

Loosely based on
and changed in a misguided attempt by me to use the systembus. :-)
Comment 2 Christian Iseli 2007-01-19 19:55:21 EST
This report targets the FC3 or FC4 products, which have now been EOL'd.

Could you please check that it still applies to a current Fedora release, and
either update the target product or close it ?

Comment 3 Nick Lamb 2007-11-05 16:01:39 EST
I am the original reporter.

Seems to be fixed in Fedora 7 which I'm running here. So marking resolved
WORKSFORME. Please change this if there is a better resolution for bugs that are
now fixed but the fix isn't specifically known.

Note You need to log in before you can comment on or make changes to this bug.