Bug 85036 - location: buildtime option to restrict location into a particular user only
Summary: location: buildtime option to restrict location into a particular user only
Status: RESOLVED MOVED
Alias: None
Product: ModemManager
Classification: Unclassified
Component: general (show other bugs)
Version: unspecified
Hardware: Other All
: medium minor
Assignee: ModemManager bug user
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-10-15 08:24 UTC by Aleksander Morgado
Modified: 2018-06-10 09:02 UTC (History)
2 users (show)

See Also:
i915 platform:
i915 features:


Attachments

Description Aleksander Morgado 2014-10-15 08:24:24 UTC
Originally reported at:
  https://bugzilla.gnome.org/show_bug.cgi?id=724543
Please refer to the original bug report if more details are needed.

Currently, every user which is able to access the ModemManager interfaces is able to read the Location information, which is given in two different ways:
 * Via GetLocation() request/responses.
 * Via Location property read/updates.

In order to restrict who can read the location information to just the geoclue user (and root), ModemManager should have a build-time option where a given username is specified. This username should be the one used to run the geoclue client that access MM.

Once the buildtime option is enabled:
 * Location property read/updates will be disabled. There is currently no easy way to manage this access control at DBus-level, especially for the property update notifications via the PropertiesChanged signal.
 * The only way to retrieve location information will be through GetLocation() request/responses, which will validate the remote user to ensure it's either root or the geoclue user.

An initial implementation is already available in the "aleksander/limited-location-user" branch in upstream git:
http://cgit.freedesktop.org/ModemManager/ModemManager/log/?h=aleksander/limited-location-user
Comment 1 GitLab Migration User 2018-06-10 09:02:17 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/mobile-broadband/ModemManager/issues/24.


Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.