[Bug 1229280] Re: Eavesdroppers confined with AppArmor can see all method_return and error messages

Tyler Hicks tyhicks at canonical.com
Fri Oct 4 19:14:49 UTC 2013


This debdiff fixes this bug along with fixes for bug #1226356, bug #1233895,
and removes a compatibility patch that was not intended to make the 13.10
release.

Testing performed:
 - Added tests for AppArmor mediation to QRT's test-dbus.py script:
   http://bazaar.launchpad.net/~ubuntu-bugcontrol/qa-regression-testing/master/revision/2001
 - Added tests for audit and deny AppArmor rule modifiers (bug #1226356) to
   QRT's test-dbus.py script:
   http://bazaar.launchpad.net/~ubuntu-bugcontrol/qa-regression-testing/master/revision/2002
 - Manually verified that 'deny' and 'audit deny' dbus rules work as expected
   (bug #1226356)
 - Added eavesdropping mediation tests (for this bug) to QRT's test-dbus.py
   script:
   http://bazaar.launchpad.net/~ubuntu-bugcontrol/qa-regression-testing/master/revision/2002
 - Verified that test-dbus.py, which uses python-dbus, passes all tests
 - Verified that the AppArmor regression tests for dbus rules, which use
   libdbus, pass all tests:
   http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/view/head:/tests/regression/apparmor/dbus_message.sh
   http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/view/head:/tests/regression/apparmor/dbus_service.sh


** Patch added: "dbus_1.6.12-0ubuntu8.debdiff"
   https://bugs.launchpad.net/ubuntu/+source/dbus/+bug/1229280/+attachment/3860043/+files/dbus_1.6.12-0ubuntu8.debdiff

https://bugs.launchpad.net/bugs/1229280

Title:
  Eavesdroppers confined with AppArmor can see all method_return and
  error messages

Status in “dbus” package in Ubuntu:
  In Progress

Bug description:
  The AppArmor mediation code in dbus-daemon contains short circuits
  that allow method_return and error messages to pass through without
  being mediated. The thought is that the original message was allowed,
  so the reply should be allowed. However, D-Bus allows eavesdropping
  and the short circuits allow the eavesdropper to receive any
  method_return and error messages, even if the eavesdropper was not
  allowed to receive the original message.

  $ echo "profile eve { file, dbus interface=org.freedesktop.DBus member={Hello,AddMatch}, }" | sudo apparmor_parser -qr
  $ aa-exec -p eve -- dbus-monitor --session
  ...
  method return sender=:1.15 -> dest=:1.51 reply_serial=27845
     string "/org/ayatana/bamf/window/83886084"
  method return sender=:1.15 -> dest=:1.51 reply_serial=27846
     string "/org/ayatana/bamf/window/83886084"

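The following is an added illustration, not code from dbus-daemon or from the debdiff attached above. It is a small Python model of the routing decision the bug description refers to: a bus with an unconfined service (:1.15), an unconfined client (:1.51) and a confined eavesdropper (:1.60, running under a profile like the `eve` profile shown above). The `POLICY` table, the connection names other than those in the transcript, and the shape of the corrected rule (pass a reply through unmediated only to the connection it is addressed to, and mediate every other receiver) are assumptions made for this example, not a description of the actual patch.

```python
"""Model of D-Bus reply short-circuiting under AppArmor mediation (added example)."""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Message:
    msg_type: str               # "method_call", "method_return", "error", "signal"
    sender: str                 # unique bus name of the sender, e.g. ":1.15"
    dest: Optional[str]         # addressed recipient (None for broadcast signals)
    reply_serial: Optional[int] = None


@dataclass
class Connection:
    name: str
    profile: Optional[str] = None   # AppArmor profile label; None means unconfined
    eavesdrop: bool = False         # has an eavesdrop=true match rule installed
    inbox: List[Message] = field(default_factory=list)


# Hypothetical receive policy: profile -> bus names it may receive messages from.
# Mirrors the 'eve' profile in the bug description, which may only talk to the driver.
POLICY = {"eve": {"org.freedesktop.DBus"}}


def receive_allowed(conn: Connection, msg: Message, policy: dict,
                    short_circuit_replies: bool) -> bool:
    """Decide whether conn may receive msg.

    short_circuit_replies=True models the behaviour the bug describes: every
    method_return or error is passed through without mediation, whoever the
    receiver is.  short_circuit_replies=False models the assumed correction:
    the reply is passed through only to the addressed recipient (whose original
    call was already mediated); any other receiver, i.e. an eavesdropper, is
    checked against its profile exactly like a method_call would be.
    """
    if conn.profile is None:
        return True                           # unconfined: nothing to mediate
    if msg.msg_type in ("method_return", "error"):
        if short_circuit_replies or conn.name == msg.dest:
            return True
    return msg.sender in policy.get(conn.profile, set())


def route(msg: Message, connections: List[Connection], policy: dict,
          short_circuit_replies: bool) -> List[str]:
    """Deliver msg to its destination and to every eavesdropper, subject to mediation.

    Returns the names of the connections that actually received the message.
    """
    delivered = []
    for conn in connections:
        if conn.name == msg.sender:
            continue
        is_dest = conn.name == msg.dest
        if not (is_dest or conn.eavesdrop):
            continue                          # not addressed, not listening
        if receive_allowed(conn, msg, policy, short_circuit_replies):
            conn.inbox.append(msg)
            delivered.append(conn.name)
    return delivered


def make_bus() -> List[Connection]:
    """Constructed session bus: the two peers from the transcript plus a confined monitor."""
    return [
        Connection(":1.15"),                                   # unconfined service
        Connection(":1.51"),                                   # unconfined client
        Connection(":1.60", profile="eve", eavesdrop=True),    # confined dbus-monitor
    ]


def demo():
    """Route one reply and one call through both variants of the mediation logic."""
    reply = Message("method_return", sender=":1.15", dest=":1.51", reply_serial=27845)
    call = Message("method_call", sender=":1.51", dest=":1.15")
    leaked = route(reply, make_bus(), POLICY, short_circuit_replies=True)
    mediated = route(reply, make_bus(), POLICY, short_circuit_replies=False)
    call_delivery = route(call, make_bus(), POLICY, short_circuit_replies=True)
    return leaked, mediated, call_delivery


if __name__ == "__main__":
    leaked, mediated, call_delivery = demo()
    print("reply, short-circuited :", leaked)          # eavesdropper :1.60 receives it
    print("reply, mediated        :", mediated)        # only the addressed :1.51
    print("call, always mediated  :", call_delivery)   # :1.60 never saw the call
```

The third result is the point of the report: the confined monitor is denied the original method_call because that path is mediated, yet with the short circuit in place it still receives the method_return to that very call. Mediating every receiver except the addressed one closes the gap without re-checking the legitimate reply that the original call already justified.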