| Summary: | DBus policy errors | | |
|---|---|---|---|
| Product: | GeoClue | Reporter: | Giovanni Campagna <scampa.giovanni> |
| Component: | service | Assignee: | Geoclue Bugs <geoclue-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | | |
| Priority: | medium | CC: | scampa.giovanni |
| Version: | unspecified | | |
| Hardware: | Other | | |
| OS: | All | | |
| Whiteboard: | | | |
Description
Giovanni Campagna
2014-02-24 14:37:18 UTC
(In reply to comment #0)
> In current geoclue master, there are a number of DBus policy errors:
>
> 1) The Agent configuration allows DBus.Properties for the default context,
> thus allowing any message on that interface from any user to any
> destination. This is wrong, and only the geoclue user should be allowed that.

Sure, although currently it's not a problem as we only have read-only props on agent.

> 2) geoclue is not allowed to talk to NetworkManager (which only allows
> logged in users). This is not a problem if geoclue is running as root, but
> if it's running as geoclue the call fails with
> feb 24 15:27:16 giovanni-laptop geoclue[11378]: ** (geoclue:11378): WARNING
> **: Could not initialize NMClient /org/freedesktop/NetworkManager: Rejected
> send message, 3 matched rules; type="method_call", sender=":1.637" (uid=984
> pid=11378 comm="/opt/gnome/libexec/geoclue -t 5 ")
> interface="org.freedesktop.NetworkManager" member="GetPermissions" error
> name="(unset)" requested_reply="0"
> destination="org.freedesktop.NetworkManager" (uid=0 pid=11404
> comm="/usr/sbin/NetworkManager --no-daemon ")

Wha? I have been running geoclue as 'geoclue' user and I haven't gotten any such error from NM on Fedora 20.

Also, shouldn't this be fixed in NM rather?

> (and similar for GetSettings etc)
> Immediately after geoclue crashes because nm_client_new() returns NULL.

Ah that explains the crash that was reported today on rawhide. :) I have fixed that crash fwiw.

(In reply to comment #1)
> (In reply to comment #0)
> > In current geoclue master, there are a number of DBus policy errors:
> >
> > 1) The Agent configuration allows DBus.Properties for the default context,
> > thus allowing any message on that interface from any user to any
> > destination. This is wrong, and only the geoclue user should be allowed that.
>
> Sure, although currently it's not a problem as we only have read-only props
> on agent.
>
> > 2) geoclue is not allowed to talk to NetworkManager (which only allows
> > logged in users). This is not a problem if geoclue is running as root, but
> > if it's running as geoclue the call fails with
> > feb 24 15:27:16 giovanni-laptop geoclue[11378]: ** (geoclue:11378): WARNING
> > **: Could not initialize NMClient /org/freedesktop/NetworkManager: Rejected
> > send message, 3 matched rules; type="method_call", sender=":1.637" (uid=984
> > pid=11378 comm="/opt/gnome/libexec/geoclue -t 5 ")
> > interface="org.freedesktop.NetworkManager" member="GetPermissions" error
> > name="(unset)" requested_reply="0"
> > destination="org.freedesktop.NetworkManager" (uid=0 pid=11404
> > comm="/usr/sbin/NetworkManager --no-daemon ")
>
> Wha? I have been running geoclue as 'geoclue' user and I haven't gotten any
> such error from NM on Fedora 20.

Ah nm, I login as 'geoclue' user so never encountered this. :)

(In reply to comment #1)
> (In reply to comment #0)
> > In current geoclue master, there are a number of DBus policy errors:
> >
> > 1) The Agent configuration allows DBus.Properties for the default context,
> > thus allowing any message on that interface from any user to any
> > destination. This is wrong, and only the geoclue user should be allowed that.
>
> Sure, although currently it's not a problem as we only have read-only props
> on agent.

And that's why the current configuration is a problem: you're opening fdo.Properties to and from every dbus connection on the system bus!

> > 2) geoclue is not allowed to talk to NetworkManager (which only allows
> > logged in users). This is not a problem if geoclue is running as root, but
> > if it's running as geoclue the call fails with
> > feb 24 15:27:16 giovanni-laptop geoclue[11378]: ** (geoclue:11378): WARNING
> > **: Could not initialize NMClient /org/freedesktop/NetworkManager: Rejected
> > send message, 3 matched rules; type="method_call", sender=":1.637" (uid=984
> > pid=11378 comm="/opt/gnome/libexec/geoclue -t 5 ")
> > interface="org.freedesktop.NetworkManager" member="GetPermissions" error
> > name="(unset)" requested_reply="0"
> > destination="org.freedesktop.NetworkManager" (uid=0 pid=11404
> > comm="/usr/sbin/NetworkManager --no-daemon ")
>
> Wha? I have been running geoclue as 'geoclue' user and I haven't gotten any
> such error from NM on Fedora 20.
>
> Also, shouldn't this be fixed in NM rather?

So you think that NM should allow such calls from anywhere instead of just at console?

(In reply to comment #3)
> (In reply to comment #1)
> > (In reply to comment #0)
> > > In current geoclue master, there are a number of DBus policy errors:
> > >
> > > 1) The Agent configuration allows DBus.Properties for the default context,
> > > thus allowing any message on that interface from any user to any
> > > destination. This is wrong, and only the geoclue user should be allowed that.
> >
> > Sure, although currently it's not a problem as we only have read-only props
> > on agent.
>
> And that's why the current configuration is a problem: you're opening
> fdo.Properties to and from every dbus connection on the system bus!

Ouch, I only understood now. This is a *huge* issue. :( Will look into fixing this one at least today.

> > > 2) geoclue is not allowed to talk to NetworkManager (which only allows
> > > logged in users). This is not a problem if geoclue is running as root, but
> > > if it's running as geoclue the call fails with
> > > feb 24 15:27:16 giovanni-laptop geoclue[11378]: ** (geoclue:11378): WARNING
> > > **: Could not initialize NMClient /org/freedesktop/NetworkManager: Rejected
> > > send message, 3 matched rules; type="method_call", sender=":1.637" (uid=984
> > > pid=11378 comm="/opt/gnome/libexec/geoclue -t 5 ")
> > > interface="org.freedesktop.NetworkManager" member="GetPermissions" error
> > > name="(unset)" requested_reply="0"
> > > destination="org.freedesktop.NetworkManager" (uid=0 pid=11404
> > > comm="/usr/sbin/NetworkManager --no-daemon ")
> >
> > Wha? I have been running geoclue as 'geoclue' user and I haven't gotten any
> > such error from NM on Fedora 20.
> >
> > Also, shouldn't this be fixed in NM rather?
>
> So you think that NM should allow such calls from anywhere instead of just
> at console?

No, it should provide a way to make exception for particular users so distros can use it to allow access to geoclue user.

(In reply to comment #4)
> (In reply to comment #3)
> > (In reply to comment #1)
> > > (In reply to comment #0)
> > > > In current geoclue master, there are a number of DBus policy errors:
> > > >
> > > > 1) The Agent configuration allows DBus.Properties for the default context,
> > > > thus allowing any message on that interface from any user to any
> > > > destination. This is wrong, and only the geoclue user should be allowed that.
> > >
> > > Sure, although currently it's not a problem as we only have read-only props
> > > on agent.
> >
> > And that's why the current configuration is a problem: you're opening
> > fdo.Properties to and from every dbus connection on the system bus!
>
> Ouch, I only understood now. This is a *huge* issue. :( Will look into fixing
> this one at least today.

On closer look, I'm not sure how to solve this without having to break agent API. :( It doesn't and can't register a unique name on the bus as it's run per-user. Since the interface here is the generic Properties interface, the only thing we can identify the connections is with object paths. Currently that is different for each user so I guess I gotta change that. :(

> > > > 2) geoclue is not allowed to talk to NetworkManager (which only allows
> > > > logged in users). This is not a problem if geoclue is running as root, but
> > > > if it's running as geoclue the call fails with
> > > > feb 24 15:27:16 giovanni-laptop geoclue[11378]: ** (geoclue:11378): WARNING
> > > > **: Could not initialize NMClient /org/freedesktop/NetworkManager: Rejected
> > > > send message, 3 matched rules; type="method_call", sender=":1.637" (uid=984
> > > > pid=11378 comm="/opt/gnome/libexec/geoclue -t 5 ")
> > > > interface="org.freedesktop.NetworkManager" member="GetPermissions" error
> > > > name="(unset)" requested_reply="0"
> > > > destination="org.freedesktop.NetworkManager" (uid=0 pid=11404
> > > > comm="/usr/sbin/NetworkManager --no-daemon ")
> > >
> > > Wha? I have been running geoclue as 'geoclue' user and I haven't gotten any
> > > such error from NM on Fedora 20.
> > >
> > > Also, shouldn't this be fixed in NM rather?
> >
> > So you think that NM should allow such calls from anywhere instead of just
> > at console?
>
> No, it should provide a way to make exception for particular users so
> distros can use it to allow access to geoclue user.

You can also give the geoclue user full access to DBus.Properties on any object. It is less safe, but it's a trusted user, so it's not a big issue.

OK, both these should be fixed in git master now. Although I've tested the changes a bit, would appreciate it if someone else can test on their end as well. I can then roll out a bugfix release.

The required gnome-shell patch has been provided as well: https://bugzilla.gnome.org/show_bug.cgi?id=725082

OK, marking this as FIXED and will roll out a release soon.
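
Added example, not part of the thread or of geoclue's own code: a small audit over dbus-daemon policy XML that flags the pattern from point 1 of the report, an `<allow send_interface=...>` rule in a bus-wide context that names neither a destination nor an object path. Both policy documents are constructed samples, and `/org/example/Agent` is a placeholder path, not geoclue's real agent path.

```python
import xml.etree.ElementTree as ET

# Policy contexts that apply to every connection on the bus.
GLOBAL_CONTEXTS = ("default", "mandatory")
# Attributes that pin an <allow> rule to one peer or one object.
NARROWING = ("send_destination", "send_path")


def find_open_interface_rules(policy_xml):
    """Return (context, interface) for every <allow send_interface=...> rule
    that applies to all connections and names no destination or object path."""
    findings = []
    root = ET.fromstring(policy_xml)
    for policy in root.iter("policy"):
        context = policy.get("context")
        if context not in GLOBAL_CONTEXTS:
            continue  # user=/group= policies only apply to that identity
        for rule in policy.findall("allow"):
            iface = rule.get("send_interface")
            if iface and not any(rule.get(attr) for attr in NARROWING):
                findings.append((context, iface))
    return findings


# Constructed sample: the rule shape described in point 1 of the report.
OPEN_POLICY = """<busconfig>
  <policy context="default">
    <allow send_interface="org.freedesktop.DBus.Properties"/>
  </policy>
</busconfig>"""

# Constructed sample: the two narrowings discussed in the thread, a rule
# scoped to the geoclue user and a default rule tied to an object path
# (placeholder path, assumed for illustration).
SCOPED_POLICY = """<busconfig>
  <policy user="geoclue">
    <allow send_interface="org.freedesktop.DBus.Properties"/>
  </policy>
  <policy context="default">
    <allow send_interface="org.freedesktop.DBus.Properties"
           send_path="/org/example/Agent"/>
  </policy>
</busconfig>"""

if __name__ == "__main__":
    for name, doc in (("open", OPEN_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, find_open_interface_rules(doc))
```
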