Package: iio-sensor-proxy
Version: 2.0-3
Severity: critical
Tags: security
Justification: potential root security hole
Sorry for the 0-day public report, but this is already known to the public via #debian-devel and <https://lintian.debian.org/tags/dbus-policy-excessively-broad.html>.

iio-sensor-proxy has this:

  <!-- Anyone can talk to the main interface -->
  <policy context="default">
    <allow send_interface="net.hadess.SensorProxy"/>
    <allow send_interface="org.freedesktop.DBus.Introspectable"/>
    <allow send_interface="org.freedesktop.DBus.Properties"/>
    <allow send_interface="org.freedesktop.DBus.Peer"/>

This does not do what it says in the comment. It allows every connection to the system bus to send any message to the Properties interface on any system bus service. If any system bus service has a property that should only be set by root, everyone can now set it. This is Very Bad, and I could easily imagine it causing a root security hole.

I'm assuming the intended policy was to put a send_destination="net.hadess.SensorProxy" on everything:

  <!-- Only root can own the service -->
  <policy user="root">
    <allow own="net.hadess.SensorProxy"/>
  </policy>

  <!-- Only Geoclue can access the compass -->
  <policy user="geoclue">
    <allow send_destination="net.hadess.SensorProxy"
           send_interface="net.hadess.SensorProxy.Compass"
           send_path="/net/hadess/SensorProxy/Compass"/>
    <allow send_destination="net.hadess.SensorProxy"
           send_interface="org.freedesktop.DBus.Introspectable"
           send_path="/net/hadess/SensorProxy/Compass"/>
    <allow send_destination="net.hadess.SensorProxy"
           send_interface="org.freedesktop.DBus.Properties"
           send_path="/net/hadess/SensorProxy/Compass"/>
    <allow send_destination="net.hadess.SensorProxy"
           send_interface="org.freedesktop.DBus.Peer"
           send_path="/net/hadess/SensorProxy/Compass"/>
  </policy>

  <!-- Anyone can talk to the main interfaces -->
  <policy context="default">
    <allow send_destination="net.hadess.SensorProxy"
           send_interface="net.hadess.SensorProxy"/>
    <allow send_destination="net.hadess.SensorProxy"
           send_interface="org.freedesktop.DBus.Introspectable"/>
    <allow send_destination="net.hadess.SensorProxy"
           send_interface="org.freedesktop.DBus.Properties"/>
    <allow send_destination="net.hadess.SensorProxy"
           send_interface="org.freedesktop.DBus.Peer"/>
    <deny send_destination="net.hadess.SensorProxy"
          send_interface="org.freedesktop.DBus.Introspectable"
          send_path="/net/hadess/SensorProxy/Compass"/>
    <deny send_destination="net.hadess.SensorProxy"
          send_interface="org.freedesktop.DBus.Properties"
          send_path="/net/hadess/SensorProxy/Compass"/>
    <deny send_destination="net.hadess.SensorProxy"
          send_interface="org.freedesktop.DBus.Peer"
          send_path="/net/hadess/SensorProxy/Compass"/>
  </policy>

Regards,
    S
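As an added check (not part of this report, of lintian, or of iio-sensor-proxy), here is a small Python script in the spirit of the dbus-policy-excessively-broad tag: it parses a D-Bus bus policy file and flags every <allow> send rule that has no send_destination, reporting which policy scope (context="default", user="...") the rule applies to. The two sample policies are constructed from the broken and the corrected stanzas above.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the stanza shipped in iio-sensor-proxy 2.0-3 (no send_destination).
BROKEN = """<busconfig>
  <policy context="default">
    <allow send_interface="net.hadess.SensorProxy"/>
    <allow send_interface="org.freedesktop.DBus.Properties"/>
  </policy>
</busconfig>"""

# Constructed sample: the same rules scoped to the service that ships the file.
FIXED = """<busconfig>
  <policy user="root">
    <allow own="net.hadess.SensorProxy"/>
  </policy>
  <policy context="default">
    <allow send_destination="net.hadess.SensorProxy"
           send_interface="net.hadess.SensorProxy"/>
    <allow send_destination="net.hadess.SensorProxy"
           send_interface="org.freedesktop.DBus.Properties"/>
  </policy>
</busconfig>"""

# Attributes that make an <allow> a *send* rule (as opposed to own/receive/eavesdrop).
SEND_ATTRS = ("send_interface", "send_member", "send_path", "send_type", "send_error")


def excessively_broad_rules(xml_text):
    """Return a list of (policy_scope, rule_attributes) for every <allow> that
    grants sending but names no send_destination.  Such a rule matches messages
    to *every* service on the bus, not just the one this file is installed for;
    in a context="default" policy that means every local user gets the grant."""
    root = ET.fromstring(xml_text)
    findings = []
    for policy in root.iter("policy"):
        scope = dict(policy.attrib)          # e.g. {'context': 'default'} or {'user': 'geoclue'}
        for rule in policy.findall("allow"):
            is_send_rule = any(a in rule.attrib for a in SEND_ATTRS)
            if is_send_rule and "send_destination" not in rule.attrib:
                findings.append((scope, dict(rule.attrib)))
    return findings


def is_world_reachable(finding):
    """True when a broad rule sits in the default context, i.e. applies to everyone."""
    scope, _rule = finding
    return scope.get("context") == "default"


if __name__ == "__main__":
    for scope, rule in excessively_broad_rules(BROKEN):
        print("broad send rule in policy %s: %s" % (scope, rule))
    print("fixed policy findings:", excessively_broad_rules(FIXED))
```

Run over the real file (/etc/dbus-1/system.d or /usr/share/dbus-1/system.d) the same function reports the two stanza rules that lintian complains about; the corrected policy yields no findings.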