[Bug 1314527] Re: thermald: change the default dbus policy, make it more restrictive

Andy Whitcroft apw at canonical.com
Wed Apr 30 11:05:28 UTC 2014 

** Description changed:

  org.freedesktop.thermald.conf default dbus policy should be more
  restrictive
+ 
+ ===
+ 
+ SRU Justification:
+ 
+ [Impact]
+ 
+ With the current dbus policy one can terminate thermald using:
+ 
+ dbus-send --system --dest=org.freedesktop.thermald /org/freedesktop/thermald org.freedesktop.thermald.Terminate
+ thermald can be send dbus
+ 
+ ..fortunately init respawns thermald, but the policy is not restrictive
+ enough, only root should be able to do this.
+ 
+ Justification:
+ 
+ This fix restricts the default policy so only root can send dbus
+ messages to thermald.
+ 
+ [Test Case]
+ 
+ How to reproduce:
+ 
+ dbus-send --system --dest=org.freedesktop.thermald /org/freedesktop/thermald org.freedesktop.thermald.Terminate
+ thermald can be send dbus
+ 
+ then use: dmesg and see that init has respawned thermald (which means it
+ received the dbus message and handled it)
+ 
+ With the fix, the dbus-send message won't kill thermald and hence one
+ won't see the re-spawn message in dmesg.
+ 
+ [Regression Potential]
+ 
+ Cannot think of any, low to none. Thermald is not a default install, it
+ is a new packaging in Trusty and is currently op-in, so this change has
+ minimal impact. Regression potential is that users won't be able to
+ communicate to thermald via dbus-send, which is not the recommended way
+ to shut down thermald anyhow.
+ 
+ Tested today on an AMD64 trusty install.

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1314527

Title:
  thermald: change the default dbus policy, make it more restrictive

Status in “thermald” package in Ubuntu:
  In Progress

Bug description:
  org.freedesktop.thermald.conf default dbus policy should be more
  restrictive

  ===

  SRU Justification:

  [Impact]

  With the current dbus policy one can terminate thermald using:

  dbus-send --system --dest=org.freedesktop.thermald /org/freedesktop/thermald org.freedesktop.thermald.Terminate
  thermald can be send dbus

  ..fortunately init respawns thermald, but the policy is not
  restrictive enough, only root should be able to do this.

  Justification:

  This fix restricts the default policy so only root can send dbus
  messages to thermald.

  [Test Case]

  How to reproduce:

  dbus-send --system --dest=org.freedesktop.thermald /org/freedesktop/thermald org.freedesktop.thermald.Terminate
  thermald can be send dbus

  then use: dmesg and see that init has respawned thermald (which means
  it received the dbus message and handled it)

  With the fix, the dbus-send message won't kill thermald and hence one
  won't see the re-spawn message in dmesg.

  [Regression Potential]

  Cannot think of any, low to none. Thermald is not a default install,
  it is a new packaging in Trusty and is currently op-in, so this change
  has minimal impact. Regression potential is that users won't be able
  to communicate to thermald via dbus-send, which is not the recommended
  way to shut down thermald anyhow.

  Tested today on an AMD64 trusty install.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/thermald/+bug/1314527/+subscriptions

More information about the Ubuntu-sponsors mailing list