blob: c1f450348824e16e618a5fa76e0b96980e43f896 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
|
From 88691aea52226043552837ef8bd0375786ea9f86 Mon Sep 17 00:00:00 2001
From: Danny Kukawka <danny.kukawka@web.de>
Date: Thu, 22 Jan 2009 14:21:15 +0100
Subject: [PATCH 43/48] fixed HAL D-Bus config: added send_destination for all interfaces
Fixed HAL D-Bus config due to D-Bus changes caused by CVE-2008-4311.
Added send_destination="org.freedesktop.Hal" for all exported
interfaces as recommended here:
https://bugs.launchpad.net/ubuntu/+source/avahi/+bug/318783
" [...]
*IMPORTANT* you MUST include send_destination on ALL allow or deny
tags. Omitting it is a SERIOUS bug!
<!-- !! SERIOUS BUG !! -->
<allow send_interface="x.y.z" />
This allows any service to receive method calls of the given
interface, not just your own service!
It also implicitly allows any service to receive method calls
with no interface specified, in case they match this interface!
[...] "
---
hal.conf.in | 45 ++++++++++++++++++++++++++++++---------------
1 files changed, 30 insertions(+), 15 deletions(-)
diff --git a/hal.conf.in b/hal.conf.in
index 6790ee9..bfd6511 100644
--- a/hal.conf.in
+++ b/hal.conf.in
@@ -19,22 +19,37 @@
<allow send_destination="org.freedesktop.Hal"
send_interface="org.freedesktop.DBus.Introspectable"/>
- <allow send_interface="org.freedesktop.Hal.Device"/>
- <allow send_interface="org.freedesktop.Hal.Manager"/>
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.Hal.Device"/>
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.Hal.Manager"/>
- <allow send_interface="org.freedesktop.Hal.Device.CPUFreq"/>
- <allow send_interface="org.freedesktop.Hal.Device.DockStation"/>
- <allow send_interface="org.freedesktop.Hal.Device.KillSwitch"/>
- <allow send_interface="org.freedesktop.Hal.Device.KeyboardBacklight"/>
- <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
- <allow send_interface="org.freedesktop.Hal.Device.Leds"/>
- <allow send_interface="org.freedesktop.Hal.Device.LightSensor"/>
- <allow send_interface="org.freedesktop.Hal.Device.Storage"/>
- <allow send_interface="org.freedesktop.Hal.Device.Storage.Removable"/>
- <allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
- <allow send_interface="org.freedesktop.Hal.Device.Volume"/>
- <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
- <allow send_interface="org.freedesktop.Hal.Device.WakeOnLan"/>
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.Hal.Device.CPUFreq"/>
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.Hal.Device.DockStation"/>
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.Hal.Device.KillSwitch"/>
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.Hal.Device.KeyboardBacklight"/>
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.Hal.Device.Leds"/>
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.Hal.Device.LightSensor"/>
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.Hal.Device.Storage"/>
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.Hal.Device.Storage.Removable"/>
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.Hal.Device.Volume"/>
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.Hal.Device.WakeOnLan"/>
</policy>
--
1.6.1.2
|
GitWeb