[Pkg-utopia-maintainers] Bug#589979: Bug#589979: dbus-daemon-launch-helper needs to be a+x to work

Fri Jul 23 15:36:00 UTC 2010

Hi Michael,

On Fri, 2010-07-23 at 00:01 +0200, Michael Biebl wrote:
> On 22.07.2010 18:55, Christian Weeks wrote:
> > Package: dbus
> > Version: 1.2.24-2
> > Severity: important
> > 
> > Hi,
> > I noted on 569058 that the problem seen in 569058 is not
> > restricted to btrfs filesystems. Since you have closed that bug
> > I feel that it is important to open a new bug, because this problem
> > is still occuring for me, on every single upgrade of dbus on any
> > of my computers.
> > 
> > Basically, if I don't chmod a+x /usr/lib/dbus-1.0/dbus-daemon-launch-helper
> > then very little of my desktop environments work: pulse is broken, 
> > menus are broken, launching apps is broken. Basically, the entire gnome
> > desktop is broken (not surprising given how much is dependent on dbus).
> > 
> > The only hypothesis I have (because I am NOT using btrfs, I am using ext3
> > on LVM) is that it's actually to do with LDAP in some way, because all
> > real local users are actually in an LDAP repository. I would guess that 
> > somehow that's breaking the helper's user credentials (though the messagebus
> > user _is_ a local user, not an LDAP user).
> > 
> > Given that I see this on at least 2 different desktops, I think it's pretty 
> > reproducible, and spans many versions of dbus now.
> > 
> 
> To follow up on this:
> 
> I don't think your particular issue is related to 569058.
> 569058 was about the setuid bit not being set correctly.
> From your comment on 569058, where you showed an ls -la of the helper, the
> setuid was set correctly.

OK. Here's ls -al now. Setuid is correct, but it's not correct because
the o+x bit has to be set as well, otherwise it doesn't work (the
package ships with o-x)

-rwsr-xr-x 1 root messagebus 45936 Jul 17
09:31 /usr/lib/dbus-1.0/dbus-daemon-launch-helper

I have to manually, on each upgrade of dbus, do the chmod to add o+x,
otherwise DBus fails to launch stuff. (This is probably a big security
hole which is why it's not set that way but..) If I change it back
(chmod o-x) my desktop will break again. I know it's NOT supposed to be
chmod o+x, that is clear, but something is causing it to break in my
environments if it's not.

You're right that it probably isn't directly 569058, but that's what
grabbed my attention to this problem, and yesterday (for me) a new dbus
dropped in unstable and reminded me of this problem.

> 
> To understand you correctly: are you saying, that the messagebus user is only
> stored in LDAP? (if so, that's a very bad idea btw) and I guess the ldap service
> runs after the dbus service (check /etc/rc2.d/)?

Nope. messagebus is a local user (from /etc/passwd):
messagebus:x:101:104::/var/run/dbus:/bin/false

It's local (and a different id) on each machine. The local desktop
users, _are_ however, sourced from LDAP. LDAP is remote by the way.

> Under which user is your dbus system bus process running (ps aux | grep dbus)?
> 
dbus appears to be running as messagebus:
> 
101       2492  0.0  0.0  56664  3204 ?        Ss   Jul22   0:02 /usr/bin/dbus-daemon --system

However, when it tries to use it's helper, I get this:

devkit-power-gobject-WARNING: Error invoking GetAll() to get properties: Failed to execute program /usr/lib/dbus-1.0/dbus-daemon-launch-helper: Success

The only way to fix is the chmod o+x. This happens with any service that gets launched
through the launcher btw: so far pulseaudio, devkit, powerkit, consolekit, polkit.

They all break and make the desktop basically unusable.

This happens on at least two different machines by the way. Both are configured for LDAP users.

> I'll keep this bug closed, as it smells very much like a local misconfiguration.

Fine, however, I don't understand how I have misconfigured, if I have.
It was a working setup for the prior three years and only broke when the
new dbus landed about 6 months ago (The upgrade from dbus 1.2.16-2 to
1.2.20-2 is where I noticed the problem start occuring).
> 
> Michael
> 
> 
> 
> 