Re: [PATCH] wpa_supplicant: don't do <deny send_interface="..." /> in dbus service file

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2015-10-28 at 22:46 +0200, Jouni Malinen wrote:
> On Fri, Oct 23, 2015 at 06:03:22PM +0200, Lubomir Rintel wrote:
> > It does more than intended; apart from denying messages to that particular
> > interface it also denies all messages non-qualified with an interface globally.
> > From the dbus-daemon manual:
> > 
> >   Be careful with send_interface/receive_interface, because the
> >   interface field in messages is optional. In particular, do NOT
> >   specify ! This will cause
> >   no-interface messages to be blocked for all services, which is almost
> >   certainly not what you intended. Always use rules of the form: 
> >   send_interface="org.foo.Bar" send_destination="org.foo.Service"/>
> > 
> > We can just safely remove those rules, since we're sufficiently protected
> > by the send_destination matches and method calls are disallowed by default
> > anyway.
> 
> Could you please describe what is the issue that this is fixing? It
> looks like the policy for context="default" denies everything while the
> user="root" allows the items. Does the "deny send_interface" cause some
> harm in the case where every operation is supposed to be disallowed?

This issue is fixing the case where the policy shipped by
wpa_supplicant disallowed messages that are completely unrelated to
wpa_supplicant (essentially *all* messages without an interface). This
includes responses to NetworkManager's communication to VPN plugins.

Lubo

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap




[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux