Features/DBusPolicy

= DBus Policy =

Summary
Due to a [security issue], the DBus system bus policy has changed to increase security, and many applications were incorrect.

Owner

 * Name: Colin Walters 

Current status

 * Targeted release:  Fedora 11
 * Last updated: 2009-03-05
 * Percentage of completion: 100%

Detailed Description
Essentially the system bus policy was unintentionally wide open, and a number of applications relied on this and shipped incorrect or incomplete policy files in /etc/dbus-1/system.d.

There's more information in [this mail], as well as [this mail].

Known issues have been added to [this upstream tracker bug].

There is logging of denials to /var/log/messages.

Benefit to Fedora
Fixes an important line of defense in the core OS security.

Scope
Any package which ships a file in /etc/dbus-1/system.d may be affected. Here is a complete list of those packages, for reference: [wwoods@brinstar ~]$ sudo repoquery -sf '/etc/dbus-1/system.d/*' --qf '%{NAME}' | sort -u avahi bluez ConsoleKit cups cups-pk-helper DeviceKit DeviceKit-disks DeviceKit-power dnsmasq fprintd galago-daemon GConf2 gdm gnome-applets gnome-lirc-properties gnome-panel gnome-system-monitor gypsy hal kde-plasma-networkmanagement kerneloops modcluster NetworkManager NetworkManager-gnome NetworkManager-openconnect NetworkManager-openvpn NetworkManager-pptp NetworkManager-vpnc odccm oddjob oddjob-mkhomedir ohm PackageKit PolicyKit ricci setroubleshoot-server sugar system-config-printer-libs system-config-samba system-config-services wpa_supplicant yum-updatesd

Test Plan

 * Desktop: Test NetworkManager and HAL+device mounting.
 * Desktop: Test PackageKit and installing updates using a GUI tool

Shouldn't be any denials in /var/log/messages

User Experience
No user visible experience.

Dependencies
None.

Contingency Plan
We could continue to be in "permissive" mode for another release, but I'd really like not to do that.

Documentation
See the detailed description for information.

Release Notes
Previous releases of Fedora shipped with a security policy for the DBus system bus that was unintentionally permissive (see CVE-2008-4311). In Fedora 11, the policy has been changed to deny method calls by default.

Comments and Discussion
Can be discussed on the fedora-devel list or the mailto:dbus@lists.freedesktop.org upstream list.