Description of problem:
The example provided for manipulating BIND (named) with dbus crashes the system message bus. This is both a crash and an example of elevated privilege (users should not have enough privileges to crash system daemons), hence severity SECURITY. The socket used to contact the messagebus is world writeable, so anyone with user privileges can potentially crash the bus.

Version-Release number of selected component (if applicable):
dbus 0.33-3.fc4.1
bind 9.3.1-14_FC4

How reproducible:
Happens every time on this machine.

Steps to Reproduce:
1. As an ordinary user run the command

   dbus-send --system --type=method_call --print-reply --dest=com.redhat.named /foo/bar/baz foo.bar.baz

This command is simplified from the example provided in README.DBUS with the Fedora Core BIND 9.3.1 documentation, which has the same results.

Actual results:
System dbus-daemon crashes. If it is run with --nofork to capture errors, the output is:

   2879: assertion failed "table->key_type == DBUS_HASH_STRING" file "dbus-hash.c" line 1269 function _dbus_hash_table_remove_string
   Aborted

Expected results:
dbus-daemon should not crash.

Created attachment 130385
Crash system dbus as a user.

Loosely based on http://blognote-info.com/index.php?2006/03/31/387-notification-framework and changed in a misguided attempt by me to use the systembus. :-)

This report targets the FC3 or FC4 products, which have now been EOL'd. Could you please check that it still applies to a current Fedora release, and either update the target product or close it? Thanks.

I am the original reporter. Seems to be fixed in Fedora 7 which I'm running here. So marking resolved WORKSFORME. Please change this if there is a better resolution for bugs that are now fixed but the fix isn't specifically known.