[Pkg-utopia-maintainers] [Pkg-bluetooth-maintainers] Bug#510644: Debian Bug#510644: bluetooth.conf needs alterations for new D-Bus

Filippo Giunchedi filippo at debian.org
Mon Jan 5 22:32:50 UTC 2009 

On Mon, Jan 05, 2009 at 08:32:58PM +0000, Simon McVittie wrote:
> >   <policy user="root">
> >     <allow own="org.bluez"/>
> >     <allow send_destination="org.bluez"/>
> 
> Looks fine so far...
> 
> >     <allow send_interface="org.bluez.Agent"/>
> 
> That will work but is not ideal; D-Bus upstream opinion seems to be that
> a bare "send_interface" without a corresponding send_destination is
> almost always an error (because it matches the corresponding interface on
> completely unrelated processes). Do Agent implementations have a well-known
> service name you can use?
> 
> Failing that, maybe you could at least match on object path as well as
> on interface?

Unfortunately they don't a well known service name nor object path, agents are
user-registered

> 
> (Sorry, I didn't spot that upstream had done this. This is
> <http://bugs.freedesktop.org/show_bug.cgi?id=18961>.
> <deny> with only a send_interface is certainly harmful; <allow> like
> this might be OK?)

That is <allow send_interface="org.bluez.Agent"/> ?

I think so, yes. (note that upstream 4.x uses org.bluez.Agent while 3.x (which
is debian) uses org.bluez.PasskeyAgent and org.bluez.AuthorizationAgent but they
basically the same)

> 
> >   <policy at_console="true">
> >     <allow receive_sender="org.bluez"/>
> >   </policy>
> 
> I think this is meant to be unnecessary in dbus 1.2.8 (and 1.2.1-5 in
> Debian, which has the patches backported).

I just retried and indeed it seems to work without, thanks for spotting this.

> 
> >   <policy context="default">
> >     <allow send_destination="org.bluez"/>
> >   </policy>
> 
> Is it safe for every local user to be able to call methods on the org.bluez
> service? If not, this needs fixing. To match the behaviour of the lenny
> bluetooth.conf it should be in <policy at_console="true">, but I don't
> think that ever actually worked on Debian systems unless you have
> libpam-foreground or ConsoleKit (and possibly not even then).

Mh, no it wouldn't be safe indeed.

> 
> Debian packages usually have a dual at_console/group-based policy for device
> accesses like this (e.g. members of powerdev and netdev can use various
> interfaces on hal even if they are not at_console), by duplicating the
> permissions of the at_console <policy> into a separate group policy. See
> NetworkManager's configuration in Debian, for instance.

Okay, given that using AF_BLUETOOTH sockets requires CAP_NET_ADMIN for some
ioctls I'd go for netdev group, makes sense?

thanks,
filippo
--
Filippo Giunchedi - http://esaurito.net
PGP key: 0x6B79D401
random quote follows:

Either this man is dead or my watch has stopped.
-- Groucho Marx

More information about the Pkg-utopia-maintainers mailing list