thermald: change the default dbus policy, make it more restrictive
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
thermald (Ubuntu) |
Fix Released
|
Medium
|
Colin Ian King | ||
Trusty |
Fix Released
|
Medium
|
Unassigned |
Bug Description
org.freedesktop
===
SRU Justification:
[Impact]
With the current dbus policy one can terminate thermald using:
dbus-send --system --dest=
thermald can be send dbus
..fortunately init respawns thermald, but the policy is not restrictive enough, only root should be able to do this.
Justification:
This fix restricts the default policy so only root can send dbus messages to thermald.
[Test Case]
How to reproduce:
dbus-send --system --dest=
thermald can be send dbus
then use: dmesg and see that init has respawned thermald (which means it received the dbus message and handled it)
With the fix, the dbus-send message won't kill thermald and hence one won't see the re-spawn message in dmesg.
[Regression Potential]
Cannot think of any, low to none. Thermald is not a default install, it is a new packaging in Trusty and is currently op-in, so this change has minimal impact. Regression potential is that users won't be able to communicate to thermald via dbus-send, which is not the recommended way to shut down thermald anyhow.
Tested today on an AMD64 trusty install.
Changed in thermald (Ubuntu): | |
status: | New → In Progress |
importance: | Undecided → Medium |
assignee: | nobody → Colin King (colin-king) |
milestone: | none → trusty-updates |
summary: |
- thernald: change the default dbus policy, make it more restrictive + thermald: change the default dbus policy, make it more restrictive |
description: | updated |
Changed in thermald (Ubuntu Trusty): | |
milestone: | none → trusty-updates |
Changed in thermald (Ubuntu): | |
milestone: | trusty-updates → none |
Changed in thermald (Ubuntu Trusty): | |
status: | New → In Progress |
importance: | Undecided → Medium |
Attached is a debdiff with the fix to set the dbus policy correctly.