SRU Justification: [Impact]
With the current dbus policy one can terminate thermald using: dbus-send --system --dest=org.freedesktop.thermald /org/freedesktop/thermald org.freedesktop.thermald.Terminate thermald can be send dbus ..fortunately init respawns thermald, but the policy is not restrictive enough, only root should be able to do this. Justification: This fix restricts the default policy so only root can send dbus messages to thermald. [Test Case] How to reproduce: dbus-send --system --dest=org.freedesktop.thermald /org/freedesktop/thermald org.freedesktop.thermald.Terminate thermald can be send dbus then use: dmesg and see that init has respawned thermald (which means it received the dbus message and handled it) With the fix, the dbus-send message won't kill thermald and hence one won't see the re-spawn message in dmesg. [Regression Potential] Cannot think of any, low to none. Thermald is not a default install, it is a new packaging in Trusty and is currently op-in, so this change has minimal impact. Regression potential is that users won't be able to communicate to thermald via dbus-send, which is not the recommended way to shut down thermald anyhow. Tested today on an AMD64 trusty install. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1314527 Title: thermald: change the default dbus policy, make it more restrictive To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/thermald/+bug/1314527/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs