Bug#1050493: gnome-settings-daemon: this issue happens beyond just upgrades
jan kapoli
jankapoli at proton.me
Fri Nov 15 20:40:57 GMT 2024
Package: gnome-settings-daemon
Version: 43.0-4
Followup-For: Bug #1050493
X-Debbugs-Cc: jankapoli at proton.me
Dear Maintainer,
this issue crops up time and time again and is not exclusive to dist
upgrades. The following rule randomly appears when running `usbguard
list-rules`:
9: allow id *:* label "GNOME_SETTINGS_DAEMON_RULE"
I removed the rule multiple times on the same system, yet
somehow it reappears, though quite infrequently. I have not yet been able
to point out what causes the rule to be added, only that it happens
automatically, without user trigger.
I want to stress the severity of the issue. I am using this laptop for
presentations, where I often plug external drives into it from third
parties. I use usbguard to block all input devices possibly
masquerading as mass storage devices. The rule in question allows ALL
devices automatically, severely undermining my security.
I also question upstream's intention with such a rule. Dconf has limited
control over usbguard. The initial report mentions setting
`org.gnome.desktop.privacy usb-protection-level` to `always`. This is a
workaround, not a solution! In no state should Gnome's usb protection
settings override other usbguard rules from other sources.
This workaround also has no effect when usb protection on Gnome is
disabled. I have the following gsettings from install, on all users, no
changes made to them since:
org.gnome.desktop.privacy usb-protection false
org.gnome.desktop.privacy usb-protection-level lockscreen
yet the offending rule often reappears.
from: jan kapoli
-- System Information:
Debian Release: 12.8
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.1.0-27-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.utf8 at custom, LC_CTYPE=en_US.utf8 at custom (charmap=UTF-8) (ignored: LC_ALL set to en_US.utf8 at custom), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages gnome-settings-daemon depends on:
ii gnome-settings-daemon-common 43.0-4
ii gsettings-desktop-schemas 43.0-1
ii libasound2 1.2.8-1+b1
ii libc6 2.36-9+deb12u9
ii libcairo2 1.16.0-7
ii libcanberra-gtk3-0 0.30-10
ii libcanberra0 0.30-10
ii libcolord2 1.4.6-2.2
ii libcups2 2.4.2-3+deb12u8
ii libfontconfig1 2.14.1-4
ii libgcr-base-3-1 3.41.1-1+b1
ii libgdk-pixbuf-2.0-0 2.42.10+dfsg-1+deb12u1
ii libgeoclue-2-0 2.6.0-2
ii libgeocode-glib-2-0 3.26.3-6
ii libglib2.0-0 2.74.6-2+deb12u4
ii libgnome-desktop-3-20 43.2-2
ii libgtk-3-0 3.24.38-2~deb12u3
ii libgudev-1.0-0 237-2
ii libgweather-4-0 4.2.0-2
ii libmm-glib0 1.20.4-1
ii libnm0 1.42.4-1
ii libnotify4 0.8.1-1
ii libnspr4 2:4.35-1
ii libnss3 2:3.87.1-1+deb12u1
ii libpam-systemd [logind] 252.31-1~deb12u1
ii libpango-1.0-0 1.50.12+ds-1
ii libpangocairo-1.0-0 1.50.12+ds-1
ii libpolkit-gobject-1-0 122-3
ii libpulse-mainloop-glib0 16.1+dfsg1-2+b1
ii libpulse0 16.1+dfsg1-2+b1
ii libspa-0.2-bluetooth 0.3.65-3+deb12u1
ii libupower-glib3 0.99.20-2
ii libwacom9 2.6.0-1
ii libwayland-client0 1.21.0-1
ii libx11-6 2:1.8.4-2+deb12u2
ii libxext6 2:1.3.4-1+b1
ii libxfixes3 1:6.0.0-2
ii libxi6 2:1.8-1+b1
ii pipewire-audio 0.3.65-3+deb12u1
Versions of packages gnome-settings-daemon recommends:
ii iio-sensor-proxy 3.0-2
ii pipewire-audio 0.3.65-3+deb12u1
ii pkexec 122-3
ii x11-xserver-utils 7.7+9+b1
Versions of packages gnome-settings-daemon suggests:
ii usbguard 1.1.2+ds-3+b1
-- no debconf information
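
Added example, not part of the original report and not code from usbguard or gnome-settings-daemon: a shell check that reads rules in the `usbguard list-rules` format and flags any allow rule that matches every device, such as the one quoted in the report. The function names and the sample rules other than rule 9 are constructed for illustration; treating a bare `allow` with no attributes as a catch-all is an assumption based on usbguard's rule grammar.

```shell
#!/bin/sh
# Flag usbguard rules that allow every device.
# Input: lines as printed by `usbguard list-rules`, i.e. "N: <rule>".
# Exit status: 0 if at least one catch-all allow rule was found, 1 otherwise.

find_catchall_allow() {
    awk '
    {
        rule = $0
        sub(/^[0-9]+:[ \t]*/, "", rule)             # drop the "N: " prefix
        gsub(/[ \t]+label[ \t]+"[^"]*"/, "", rule)  # a label is metadata, it restricts nothing
        gsub(/[ \t]+/, " ", rule)                   # normalise whitespace
        sub(/^ /, "", rule); sub(/ $/, "", rule)
        # A catch-all is an allow target with no attributes, or only "id *:*".
        if (rule == "allow" || rule == "allow id *:*") {
            print $0
            found = 1
        }
    }
    END { exit found ? 0 : 1 }
    '
}

# Constructed sample input; only rule 9 is taken from the report.
sample_rules() {
    cat <<'EOF'
1: allow id 1d6b:0002 name "xHCI Host Controller" with-interface 09:00:00
2: allow id 046d:c52b name "USB Receiver"
3: block id *:* label "constructed example"
9: allow id *:* label "GNOME_SETTINGS_DAEMON_RULE"
EOF
}

# Demo on the sample; on a live system: usbguard list-rules | find_catchall_allow
sample_rules | find_catchall_allow
```

Run periodically (for example from a timer), a zero exit status means the rule set currently lets any USB device through and the printed rule numbers identify what to review.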