The desktop team recently discovered a flaw in dbus-glib where it didn't respect the "access" flag on properties specified. Basically, core OS services like NetworkManager which use dbus-glib were specifying e.g. the "Ip4Address" as read-only for remote access, but in fact any process could modify it. I have a patch for dbus-glib (attached). However, due to the nature of the way dbus-glib works where at build time services generate a C data structure from XML and embed it into their binary, affected services will need to be rebuilt (though not patched). This affected list is for F-12; I think for RHEL5 we just need dbus-glib and NetworkManager. KNOWN AFFECTED SERVICES: * DeviceKit-Power * NetworkManager * ModemManager KNOWN NOT AFFECTED that claim to handle org.freedesktop.DBus.Properties: * ConsoleKit (it denies all Properties access using dbus policy) * gdm (ditto) * PackageKit (all of the properties on exposed GObjects are G_PARAM_READONLY) KNOWN NOT AFFECTED (because I audited them) * gnome-panel (no dbus properties) * gnome-system-monitor (ditto) PROBABLY NOT AFFECTED * hal (doesn't claim to handle org.freedesktop.DBus.Properties) * polkit (uses eggdbus) * rtkit (doesn't use dbus-glib) * DeviceKit-disks (all its properties appear to be readonly) * wpa_supplicant (doesn't implement Properties) * upstart (doesn't use dbus-glib)
Created attachment 408742 [details] respect property access flags Note that affected services will need to be recompiled.
This has been assigned CVE-2010-1172
Created attachment 409584 [details] 0001-Respect-property-access-flags-for-writing-allow-disa.patch Updated patch; this one exercises the legacy disabled cased.
Latest patch appears to allow setting properties listed as 'access=read' even though I"ve disabled legacy property access: NetworkManager: object_registration_message: prop lookup name 'ip4_address' NetworkManager: check_property_access: iface org.freedesktop.NetworkManager.Device name Ip4Address (is set 0) NetworkManager: check_property_access: iface org.freedesktop.NetworkManager.Device name Ip4Address (access type readwrite) NetworkManager: object_registration_message: prop lookup name 'ip4_address' NetworkManager: check_property_access: iface org.freedesktop.NetworkManager.Device name Ip4Address (is set 1) NetworkManager: check_property_access: iface org.freedesktop.NetworkManager.Device name Ip4Address (access type readwrite) NetworkManager: object_registration_message: prop lookup name 'ip4_address' NetworkManager: check_property_access: iface org.freedesktop.NetworkManager.Device name Ip4Address (is set 0) NetworkManager: check_property_access: iface org.freedesktop.NetworkManager.Device name Ip4Address (access type readwrite) but introspection/nm-device.xml lists Ip4Address as access=read. Also, you can kill the: /* Try both forms of property names: "foo_bar" or "FooBar"; for historical * reasons we accept both. */ if (object_info && !(property_info_from_object_info (object_info, wincaps_propiface, requested_propname, &access_type) 'object_info' check there now in check_property_access since there's a check for if (!object_info) just above.
Nevermind about the Ip4Address thing, needed a clean rebuild locally. So the latest patch looks good to me.
Created attachment 437622 [details] patch against dbus-glib git master This patch is rebased on dbus-glib git master as of today (commit 9440209e2).
This is public now.
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2010:0616 https://rhn.redhat.com/errata/RHSA-2010-0616.html