Due to a [security issue], the DBus system bus policy has changed, and many applications were incorrect.
- Name: Colin Walters <firstname.lastname@example.org>
- Targeted release: Fedora 11
- Last updated: 2009-02-26
- Percentage of completion: 90%
Essentially the system bus policy was unintentionally wide open, and a number of applications relied on this and shipped incorrect or incomplete policy files in /etc/dbus-1/system.d.
Known issues have been added to [this upstream tracker bug].
There is logging of denials to /var/log/messages.
Benefit to Fedora
Fixes an important line of defense in the core OS security.
Any package which ships a file in /etc/dbus-1/system.d may be affected.
- Desktop: Test NetworkManager and HAL+device mounting.
- Desktop: Test PackageKit and installing updates using a GUI tool
Shouldn't be any denials in /var/log/messages
No user visible experience.
We could continue to be in "permissive" mode for another release, but I'd really like not to do that.
See the detailed description for information.
Comments and Discussion
Can be discussed on the fedora-devel list or the [upstream list].