Comment 24 for bug 1433590
Revision history for this message
| Zsombor Egri (zsombi) wrote Re: [Bug 1433590] Re: apparmor dbus denial for org.freedesktop.Accounts and make Other vibrations work | #24 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
demo site
(Get the code!)
On Wed, Jul 13, 2016 at 10:41 AM, Zhang Enwei <email address hidden>
wrote:
> I am now investigating if org.freedesktop
> is supported in go-dbus.
> If it is supported, we can use pid to get the name of the process or path
> of the binary.
>
> --
> You received this bug notification because you are a bug assignee.
> https:/
>
> Title:
> apparmor dbus denial for org.freedesktop
> vibrations work
>
> Status in Canonical System Image:
> Triaged
> Status in apparmor-
> Fix Released
> Status in ubuntu-
> Confirmed
> Status in ubuntu-ui-toolkit package in Ubuntu:
> Confirmed
> Status in usensord package in Ubuntu:
> Confirmed
>
> Bug description:
> This affects vivid and (somewhat recently?) 14.09.
>
> At some point, apps started to request access to
> org.freedesktop
> been conjectured in this bug that it is due to vibration settings.
> Filing against ubuntu-
> move to the correct package.
>
> This happens with webapps:
> Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED"
> operation=
> interface=
> mask="send" name="org.
> profile=
> peer_pid=1596 peer_profile=
> Apr 7 08:42:17 ubuntu-phablet dbus[797]: apparmor="DENIED"
> operation=
> interface=
> name="org.
> profile=
> peer_pid=1596 peer_profile=
>
> and QML apps:
> Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED"
> operation=
> interface=
> mask="send" name="org.
> profile=
> peer_profile=
> Apr 7 08:43:40 ubuntu-phablet dbus[797]: apparmor="DENIED"
> operation=
> interface=
> name="org.
> profile=
> peer_profile=
>
> The following rules allow the requested access:
> dbus (send)
> bus=system
> path="/
> interface=
> member=Introspect
> peer=(name=
> dbus (send)
> bus=system
> path="/
> interface=
> member=FindUserById
> peer=(name=
> dbus (send)
> bus=system
> path="/
> interface=
> member=Get
> peer=(name=
>
> However, the above is too lenient and constitutes a privacy leak for
> apps. FindUserById could be used by a malicious app to enumerate
> usernames on multiuser systems and because we can't mediate method
> data with apparmor, the Get() method can be used to obtain any
> information provided by this interface.
>
> The following can be used to see what can be leaked to a malicious app:
> gdbus introspect --system -d org.freedesktop
> /org/freedeskto
>
> This can be solved in a couple of ways:
> 1. add whatever information the app is trying to access to a new helper
> service that only exposes things that the app needs. This could be a single
> standalone service, perhaps something from ubuntu-
> could expose any number of things-- the current locale, if the locale
> changed, if the grid units changed, the vibration settings, etc. Since this
> service wouldn't have any sensitive information, you could use standard
> dbus properties/
> 2. add a new dbus API to an existing service such that apparmor rules
> can then be used to allow by method (eg, GetVibration() or something)
>
> I won't dictate the implementation except to mention that '1' seems
> like something generally useful and I believe that it was something
> the ubuntu-
> locale changes without rebooting.
>
>
> Original description
> starting an app in vivid (image 135 on arale currently)
>
> produces a bunch of dbus denials in syslog ... (there is also a
> /dev/tty one but i think this is just because soemthing tries to write
> an error to console ... so transient)
>
> http://
>
> To manage notifications about this bug go to:
>
> https:/
>