[Bug 1229280] Re: Eavesdroppers confined with AppArmor can see all method_return and error messages

Launchpad Bug Tracker 1229280 at bugs.launchpad.net
Tue Oct 8 01:19:01 UTC 2013 

This bug was fixed in the package dbus - 1.6.12-0ubuntu8

---------------
dbus (1.6.12-0ubuntu8) saucy; urgency=low

  * debian/patches/aa-kernel-compat-check.patch: Drop this patch. It was a
    temporary compatibility check to paper over incompatibilities between
    dbus-daemon, libapparmor, and the AppArmor kernel code while AppArmor
    D-Bus mediation was in development.
  * debian/patches/aa-mediation.patch: Fix a bug that resulted in all actions
    denied by AppArmor to be audited. Auditing such actions is the default,
    but it should be possible to quiet audit messages by using the "deny"
    AppArmor rule modifier. (LP: #1226356)
  * debian/patches/aa-mediation.patch: Fix a bug in the code that builds
    AppArmor queries for the process that is receiving a message. The
    message's destination was being used, as opposed to the message's source,
    as the peer name in the query string. (LP: #1233895)
  * debian/patches/aa-mediate-eavesdropping.patch: Don't allow applications
    that are confined by AppArmor to eavesdrop. Ideally, this would be
    configurable with AppArmor policy, but the parser does not yet support
    any type of eavesdropping permission. For now, confined applications will
    simply not be allowed to eavesdrop. (LP: #1229280)
 -- Tyler Hicks <tyhicks at canonical.com>   Fri, 04 Oct 2013 09:59:21 -0700

** Changed in: dbus (Ubuntu)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1229280

Title:
  Eavesdroppers confined with AppArmor can see all method_return and
  error messages

Status in “dbus” package in Ubuntu:
  Fix Released

Bug description:
  The AppArmor mediation code in dbus-daemon contains short circuits
  that allow method_return and error messages to pass through without
  being mediated. The thought is that the original message was allowed,
  so the reply should be allowed. However, D-Bus allows eavesdropping
  and the short circuits allow the eavesdropper to receive any
  method_return and error messages, even if the eavesdropper was not
  allowed to receive the original message.

  $ echo "profile eve { file, dbus interface=org.freedesktop.DBus member={Hello,AddMatch}, }" | sudo apparmor_parser -qr
  $ aa-exec -p eve -- dbus-monitor --session
  ...
  method return sender=:1.15 -> dest=:1.51 reply_serial=27845
     string "/org/ayatana/bamf/window/83886084"
  method return sender=:1.15 -> dest=:1.51 reply_serial=27846
     string "/org/ayatana/bamf/window/83886084"

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dbus/+bug/1229280/+subscriptions

More information about the Ubuntu-sponsors mailing list