Package: lintian Version: 2.5.27 Severity: wishlist Tags: patch The policy/ACL syntax in dbus-daemon's configuration files has a couple of modes that are supported, but either deprecated or likely to be a bad idea:
* <policy at_console="true"> is considered deprecated, with the recommendation that services wishing to behave differently for locally-logged-in users should use PolicyKit; * <(allow|deny) send_interface="..."> without an accompanying send_destination attribute has a global effect on all bus clients, not just the one the package's maintainer is thinking about, so it should be avoided where possible In the short term, I would like lintian.debian.org to tell me how many of our packages fall foul of these traps; longer-term, I would like lintian to complain about them so maintainers fix them. Please consider the attached check. It is marked experimental, for now, until I get a better idea of the size of the problem. bluez_5.23-1_amd64.deb is one example of a package that triggers both of these tags. Regards, S -- System Information: Debian Release: jessie/sid APT prefers proposed-updates APT policy: (500, 'proposed-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages lintian depends on: ii binutils 2.24.51.20140918-1 ii bzip2 1.0.6-7 ii diffstat 1.58-1 ii file 1:5.19-2 ii gettext 0.19.2-2 ii hardening-includes 2.5+nmu1 ii intltool-debian 0.35.0+20060710.1 ii libapt-pkg-perl 0.1.29+b2 ii libarchive-zip-perl 1.38-1 ii libclass-accessor-perl 0.34-1 ii libclone-perl 0.37-1+b1 ii libdpkg-perl 1.17.13 ii libemail-valid-perl 1.195-1 ii libfile-basedir-perl 0.03-1 ii libipc-run-perl 0.92-1 ii liblist-moreutils-perl 0.33-2+b1 ii libparse-debianchangelog-perl 1.2.0-1.1 ii libtext-levenshtein-perl 0.09-1 ii libtimedate-perl 2.3000-2 ii liburi-perl 1.64-1 ii man-db 2.7.0-1 ii patchutils 0.3.3-1 ii perl [libdigest-sha-perl] 5.20.1-1 ii t1utils 1.37-2.1 Versions of packages lintian recommends: ii libautodie-perl 2.25-1 ii libperlio-gzip-perl 0.18-3+b1 ii perl 5.20.1-1 ii perl-modules [libautodie-perl] 5.20.1-1 Versions of packages lintian suggests: ii binutils-multiarch 2.24.51.20140918-1 ii dpkg-dev 1.17.13 ii libhtml-parser-perl 3.71-1+b2 ii libtext-template-perl 1.46-1 ii libyaml-perl 1.11-1 ii xz-utils 5.1.1alpha+20120614-2 -- no debconf information
>From d9bc5a624a066ded3ebf22806ddb2ff5d39c5a71 Mon Sep 17 00:00:00 2001 From: Simon McVittie <simon.mcvit...@collabora.co.uk> Date: Tue, 23 Sep 2014 18:36:21 +0100 Subject: [PATCH] Add checks for deprecated D-Bus policies --- checks/dbus.desc | 57 +++++++++++++++++++++++++++++++++++++ checks/dbus.pm | 87 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 144 insertions(+) create mode 100644 checks/dbus.desc create mode 100644 checks/dbus.pm diff --git a/checks/dbus.desc b/checks/dbus.desc new file mode 100644 index 0000000..1fe8475 --- /dev/null +++ b/checks/dbus.desc @@ -0,0 +1,57 @@ +Check-Script: dbus +Author: Simon McVittie <simon.mcvit...@collabora.co.uk> +Abbrev: dbus +Type: binary +Info: Checks for deprecated or harmful D-Bus configuration +Needs-Info: unpacked + +Tag: dbus-policy-at-console +Severity: normal +Certainty: certain +Info: The package contains D-Bus policy configuration that uses the + deprecated <tt>at_console</tt> condition to impose a different policy + for users who are "logged in at the console" according to + systemd-logind, ConsoleKit or similar APIs, such as: + . + <policy context="default"> + <deny send_destination="com.example.PowerManagementDaemon"/> + </policy> + <policy at_console="true"> + <allow send_destination="com.example.PowerManagementDaemon"/> + </policy> + . + The maintainers of D-Bus recommend that services should allow or deny + method calls according to broad categories that are not typically altered + by the system administrator (usually either "all users", or only root + and/or a specified system user). If finer-grained authorization + is required, the service should accept the method call message, then call + out to PolicyKit to decide whether to honor the request. PolicyKit can + use system-administrator-configurable policies to make that decision, + including distinguishing between users who are "at the console" and + those who are not. +Ref: https://bugs.freedesktop.org/show_bug.cgi?id=39611 +Experimental: yes + +Tag: dbus-policy-without-send-destination +Severity: normal +Certainty: possible +Info: The package contains D-Bus policy configuration that uses + one of the <tt>send_*</tt> conditions but does not specify a + <tt>send_destination</tt>. + . + Rules of the form + . + <allow send_interface="com.example.MyInterface"/> + . + allow messages with the given interface to be sent to <i>any</i> + service, not just the one installing the rule, which is rarely + what was intended. + . + Similarly, on the system bus, rules of the form + . + <deny send_interface="com.example.MyInterface"/> + . + are redundant with the system bus' default-deny policy, and have + unintended effects on other services. +Ref: https://bugs.freedesktop.org/show_bug.cgi?id=18961,http://lists.freedesktop.org/archives/dbus/2008-February/009401.html +Experimental: yes diff --git a/checks/dbus.pm b/checks/dbus.pm new file mode 100644 index 0000000..9e9e16d --- /dev/null +++ b/checks/dbus.pm @@ -0,0 +1,87 @@ +# dbus -- lintian check script, vaguely based on apache2 -*- perl -*- +# +# Copyright © 2012 Arno Töll +# Copyright © 2014 Collabora Ltd. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, you can find it on the World Wide +# Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, +# MA 02110-1301, USA. + +package Lintian::dbus; + +use strict; +use warnings; +use autodie; + +use Lintian::Tags qw(tag); + +sub run { + my ($pkg, $type, $info) = @_; + + if ($type eq 'binary') { + foreach my $file ($info->sorted_index) { + next if $file->is_dir; + + if ($file =~ m{^etc/dbus-1/(?:system|session).d/}) { + my $filename = $info->unpacked($file); + next if -l $filename; + _check_policy($file, $filename); + } + } + } + return; +} + +sub _check_policy { + my $file = shift; + my $filename = shift; + my $callback = shift; + + open(my $fh, '<', $filename); + my $xml; + { + local $/; # read-whole-file mode + $xml = <$fh>; + } + close $fh; + + # Parsing XML via regexes is evil, but good enough here... + # note that we are parsing the entire file as one big string, + # so that we catch <policy\nat_console="true"\n> or whatever. + + if ($xml =~ m{<policy[^>]+at_console=(["'])true\1.*?</policy>}s) { + tag('dbus-policy-at-console', $file); + } + + my @rules; + while ($xml =~ m{(<(?:allow|deny)[^>]+send_\w+=[^>]+>)}sg) { + push @rules, $1; + } + foreach my $rule (@rules) { + if ($rule !~ m{send_destination=}) { + # normalize whitespace a bit + $rule =~ s{\s+}{ }g; + tag('dbus-policy-without-send-destination', $file, $rule); + } + } +} + +1; + +# Local Variables: +# indent-tabs-mode: nil +# cperl-indent-level: 4 +# End: +# vim: syntax=perl sw=4 sts=4 sr et -- 2.1.1