Your message dated Tue, 03 Jun 2025 20:48:58 +0000
with message-id <e1umyz8-0018tj...@fasolo.debian.org>
and subject line Bug#1094257: fixed in bluez 5.82-1.1
has caused the Debian Bug report #1094257,
regarding Do not start mpris-proxy for root user
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1094257: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094257
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: bluez
Version: 5.79-1
Severity: important
X-Debbugs-Cc: aeru...@aerusso.net
Dear maintainer,
A default installation of bluez results in the systemd user unit
mpris-proxy.service being started for all users---including root.
This unnecessarily exposes root to any security vulnerability in
mpris-proxy.
Please consider the following trivial patch that changes this
default behavior.
Best,
Antonio Russo
From d9e02494e661109607c073968fa352c1397a1ffb Mon Sep 17 00:00:00 2001
From: Antonio Enrico Russo <aeru...@aerusso.net>
Date: Sun, 26 Jan 2025 08:00:26 -0700
Subject: [PATCH] Do not start mpris-proxy for root user
A default installation of bluez results in the systemd user unit
mpris-proxy.service being started for all users---including root.
This unnecessarily exposes root to any security vulnerability in
mpris-proxy.
Inhibit this default behavior by using ConditionUser=!root.
Signed-off-by: Antonio Enrico Russo <aeru...@aerusso.net>
---
tools/mpris-proxy.service.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/mpris-proxy.service.in b/tools/mpris-proxy.service.in
index 5307490..118ed6e 100644
--- a/tools/mpris-proxy.service.in
+++ b/tools/mpris-proxy.service.in
@@ -4,6 +4,7 @@ Documentation=man:mpris-proxy(1)
Wants=dbus.socket
After=dbus.socket
+ConditionUser=!root
[Service]
Type=simple
--
2.48.1
OpenPGP_0x72DB026E04C1C768.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
Source: bluez
Source-Version: 5.82-1.1
Done: Salvatore Bonaccorso <car...@debian.org>
We believe that the bug you reported is fixed in the latest version of
bluez, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1094...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated bluez package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 03 Jun 2025 20:48:11 +0200
Source: bluez
Architecture: source
Version: 5.82-1.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Bluetooth Maintainers <team+pkg-blueto...@tracker.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 1094257
Changes:
bluez (5.82-1.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Do not start mpris-proxy for system users (Closes: #1094257)
Checksums-Sha1:
32e863f57e6b727db5fbed19d885f373c490c40a 3031 bluez_5.82-1.1.dsc
6344c74e217aa7331439e67960367009f3f0a16a 44568 bluez_5.82-1.1.debian.tar.xz
Checksums-Sha256:
a452a7352488e55a09eb8d8d8ba883db1bf93df1d06a13b0804bf908fe2099ad 3031
bluez_5.82-1.1.dsc
dd32f06a527859709055912ac8c8a0377030f7f34d7d6a9cc7f5938ed8bac659 44568
bluez_5.82-1.1.debian.tar.xz
Files:
f12c2e660944a70c2d0ab5dd8140c4a0 3031 admin optional bluez_5.82-1.1.dsc
a5af4b687794d43ad498d58f8fa78733 44568 admin optional
bluez_5.82-1.1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmg/SJRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89E2/kQAJuO6FI+Q3dhmv75y/8RCiQCNSObPEZw
V0dZzLIUesyZ/E4jmkobWhhUZM4w0p6oXED8ulSqIRG3roZvKwd1mlG73sOYoxJf
dgr/rZuZx/hxnYVWriuCQBZt4P54QBBw5+Dy68B6yLZlYaoSJeJn6BMPE+Dh1Hma
ISJXgdWJepRg9sVKeXmnOW4LP/F5uWnO4A5GUnmvzxsCQ66xPJmUpgpEK3RHMysP
x3sDFl5ibQquS2SnBZHc8FSwvDR8/gNNgLROV07z+5ahJOFQ1rh7POuGU+1o+Y/i
AHbKZqToo/oxbd5R/htvT82u98UYW4372M1wnSDI0RHagvl4mxZSbHQKBKDcJe6l
V/1kdMhPYrfuNQOSRXjJe/00Me3gs0D9kfKteNyisV/OF4ud/pdYHSb8XZvSf2Xj
XL2/ud+6GjvOJ2sYxnNd9sbXuq+BdZn6dK57x7plhI+RF0q/S3jYJ8wKlQbPkCUU
7agxEYPSm/jZKrNsSmqezKI+qQWENqAGR2OeUYLR22AvjKpCBCITJFOx3SZjGN80
8senB+eYHgBUColXGh5oVdLjF+zRDJE/9IE6YdQ2UWqQV2Yg2Q710z/bzc9qaVzr
AsS7vclDG+cz/a5t0rqZ8ENU+7Qo9JSdVKt/4FVc/EdQeB/9LJkLMnKj+p4PTTbX
79eY+I8VxEgM
=BQrn
-----END PGP SIGNATURE-----
pgpPQ3JOhKRLF.pgp
Description: PGP signature
--- End Message ---
