Hi, Am Sonntag, den 26.10.2008, 18:46 +0100 schrieb Michael Biebl: > Joachim Breitner wrote: > > > BTW, upstream has confirmed the bug: > > https://bugs.freedesktop.org/show_bug.cgi?id=18229#c2 > > I can't access the upstream bug report > > I only get access denied error messages (although I'm logged in with my > bugs.fd.o account)
they made it security-only, it seems. I guess I should tell them that I
already put this on bugs.debian.org.
Anyways, here is the result from Havoc Pennington (which does not seem
to contain anything more secret than the original post):
> Good catch. I've marked the bug security group only in case people want to do
> a
> coordinated update under embargo.
>
> I think the patch is not quite right because <allow> and <deny> should be
> treated differently.
>
> The requested_reply arg to check_can_send already incorporates whether the
> message is a reply. So I think perhaps simply removing the "if
> (dbus_message_get_reply_serial (message) != 0)" check would fix this bug,
> except the eavesdrop test may need to now look at whether it's a reply, so
> something like:
>
> if (!requested_reply && rule->allow && rule->d.send.requested_reply)
> {
> if (dbus_message_get_reply_serial (message) != 0 && rule->d.send.eavesdrop)
> {
> /* it's a reply, but was not requested; if eavesdrop is true, allow
> anyway */
> }
> else
> {
> /* skip rule, do not allow */
> continue;
> }
> }
>
> I am not 100% sure though. Clearly more test cases are needed, ideally unit
> tests for the full matrix of (reply vs. not reply) * (requested vs. not
> requested) * (allow vs. deny) etc., basically try to cover all the code paths.
Greetings,
Joachim
--
Joachim "nomeata" Breitner
Debian Developer
[EMAIL PROTECTED] | ICQ# 74513189 | GPG-Keyid: 4743206C
JID: [EMAIL PROTECTED] | http://people.debian.org/~nomeata
signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil
