[Bug 1314527] Re: thermald: change the default dbus policy, make it more restrictive

Adam Conrad adconrad at 0c3.net
Thu May 1 07:59:35 UTC 2014 

Hello Colin, or anyone else affected,

Accepted thermald into trusty-proposed. The package will build now and
be available at
http://launchpad.net/ubuntu/+source/thermald/1.1~rc2-11ubuntu0.1 in a
few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to
enable and use -proposed.  Your feedback will aid us getting this update
out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, and change the tag
from verification-needed to verification-done. If it does not fix the
bug for you, please add a comment stating that, and change the tag to
verification-failed.  In either case, details of your testing will help
us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

** Changed in: thermald (Ubuntu Trusty)
       Status: In Progress => Fix Committed

** Tags added: verification-needed

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1314527

Title:
  thermald: change the default dbus policy, make it more restrictive

Status in “thermald” package in Ubuntu:
  In Progress
Status in “thermald” source package in Trusty:
  Fix Committed

Bug description:
  org.freedesktop.thermald.conf default dbus policy should be more
  restrictive

  ===

  SRU Justification:

  [Impact]

  With the current dbus policy one can terminate thermald using:

  dbus-send --system --dest=org.freedesktop.thermald /org/freedesktop/thermald org.freedesktop.thermald.Terminate
  thermald can be send dbus

  ..fortunately init respawns thermald, but the policy is not
  restrictive enough, only root should be able to do this.

  Justification:

  This fix restricts the default policy so only root can send dbus
  messages to thermald.

  [Test Case]

  How to reproduce:

  dbus-send --system --dest=org.freedesktop.thermald /org/freedesktop/thermald org.freedesktop.thermald.Terminate
  thermald can be send dbus

  then use: dmesg and see that init has respawned thermald (which means
  it received the dbus message and handled it)

  With the fix, the dbus-send message won't kill thermald and hence one
  won't see the re-spawn message in dmesg.

  [Regression Potential]

  Cannot think of any, low to none. Thermald is not a default install,
  it is a new packaging in Trusty and is currently op-in, so this change
  has minimal impact. Regression potential is that users won't be able
  to communicate to thermald via dbus-send, which is not the recommended
  way to shut down thermald anyhow.

  Tested today on an AMD64 trusty install.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/thermald/+bug/1314527/+subscriptions

More information about the Ubuntu-sponsors mailing list