[Bug 1314527] Re: thermald: change the default dbus policy, make it more restrictive

Brian Murray brian at ubuntu.com
Wed Apr 30 14:31:22 UTC 2014 

** Also affects: thermald (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Changed in: thermald (Ubuntu Trusty)
    Milestone: None => trusty-updates

** Changed in: thermald (Ubuntu)
    Milestone: trusty-updates => None

** Changed in: thermald (Ubuntu Trusty)
       Status: New => In Progress

** Changed in: thermald (Ubuntu Trusty)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1314527

Title:
  thermald: change the default dbus policy, make it more restrictive

Status in “thermald” package in Ubuntu:
  In Progress
Status in “thermald” source package in Trusty:
  In Progress

Bug description:
  org.freedesktop.thermald.conf default dbus policy should be more
  restrictive

  ===

  SRU Justification:

  [Impact]

  With the current dbus policy one can terminate thermald using:

  dbus-send --system --dest=org.freedesktop.thermald /org/freedesktop/thermald org.freedesktop.thermald.Terminate
  thermald can be send dbus

  ..fortunately init respawns thermald, but the policy is not
  restrictive enough, only root should be able to do this.

  Justification:

  This fix restricts the default policy so only root can send dbus
  messages to thermald.

  [Test Case]

  How to reproduce:

  dbus-send --system --dest=org.freedesktop.thermald /org/freedesktop/thermald org.freedesktop.thermald.Terminate
  thermald can be send dbus

  then use: dmesg and see that init has respawned thermald (which means
  it received the dbus message and handled it)

  With the fix, the dbus-send message won't kill thermald and hence one
  won't see the re-spawn message in dmesg.

  [Regression Potential]

  Cannot think of any, low to none. Thermald is not a default install,
  it is a new packaging in Trusty and is currently op-in, so this change
  has minimal impact. Regression potential is that users won't be able
  to communicate to thermald via dbus-send, which is not the recommended
  way to shut down thermald anyhow.

  Tested today on an AMD64 trusty install.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/thermald/+bug/1314527/+subscriptions

More information about the Ubuntu-sponsors mailing list