Bug#762609: lintian: new checks: deprecated D-Bus policies
Package: lintian
Version: 2.5.27
Severity: wishlist
Tags: patch
The policy/ACL syntax in dbus-daemon's configuration files has a couple of
modes that are supported, but either deprecated or likely to be a bad idea:
* <policy at_console="true"> is considered deprecated, with the
recommendation that services wishing to behave differently for
locally-logged-in users should use PolicyKit;
* <(allow|deny) send_interface="..."> without an accompanying
send_destination attribute has a global effect on all bus clients,
not just the one the package's maintainer is thinking about,
so it should be avoided where possible
In the short term, I would like lintian.debian.org to tell me how many
of our packages fall foul of these traps; longer-term, I would like
lintian to complain about them so maintainers fix them.
Please consider the attached check. It is marked experimental, for now,
until I get a better idea of the size of the problem.
bluez_5.23-1_amd64.deb is one example of a package that triggers both
of these tags.
Regards,
S
-- System Information:
Debian Release: jessie/sid
APT prefers proposed-updates
APT policy: (500, 'proposed-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages lintian depends on:
ii binutils 2.24.51.20140918-1
ii bzip2 1.0.6-7
ii diffstat 1.58-1
ii file 1:5.19-2
ii gettext 0.19.2-2
ii hardening-includes 2.5+nmu1
ii intltool-debian 0.35.0+20060710.1
ii libapt-pkg-perl 0.1.29+b2
ii libarchive-zip-perl 1.38-1
ii libclass-accessor-perl 0.34-1
ii libclone-perl 0.37-1+b1
ii libdpkg-perl 1.17.13
ii libemail-valid-perl 1.195-1
ii libfile-basedir-perl 0.03-1
ii libipc-run-perl 0.92-1
ii liblist-moreutils-perl 0.33-2+b1
ii libparse-debianchangelog-perl 1.2.0-1.1
ii libtext-levenshtein-perl 0.09-1
ii libtimedate-perl 2.3000-2
ii liburi-perl 1.64-1
ii man-db 2.7.0-1
ii patchutils 0.3.3-1
ii perl [libdigest-sha-perl] 5.20.1-1
ii t1utils 1.37-2.1
Versions of packages lintian recommends:
ii libautodie-perl 2.25-1
ii libperlio-gzip-perl 0.18-3+b1
ii perl 5.20.1-1
ii perl-modules [libautodie-perl] 5.20.1-1
Versions of packages lintian suggests:
ii binutils-multiarch 2.24.51.20140918-1
ii dpkg-dev 1.17.13
ii libhtml-parser-perl 3.71-1+b2
ii libtext-template-perl 1.46-1
ii libyaml-perl 1.11-1
ii xz-utils 5.1.1alpha+20120614-2
-- no debconf information
>From d9bc5a624a066ded3ebf22806ddb2ff5d39c5a71 Mon Sep 17 00:00:00 2001
From: Simon McVittie <simon.mcvittie@collabora.co.uk>
Date: Tue, 23 Sep 2014 18:36:21 +0100
Subject: [PATCH] Add checks for deprecated D-Bus policies
---
checks/dbus.desc | 57 +++++++++++++++++++++++++++++++++++++
checks/dbus.pm | 87 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 144 insertions(+)
create mode 100644 checks/dbus.desc
create mode 100644 checks/dbus.pm
diff --git a/checks/dbus.desc b/checks/dbus.desc
new file mode 100644
index 0000000..1fe8475
--- /dev/null
+++ b/checks/dbus.desc
@@ -0,0 +1,57 @@
+Check-Script: dbus
+Author: Simon McVittie <simon.mcvittie@collabora.co.uk>
+Abbrev: dbus
+Type: binary
+Info: Checks for deprecated or harmful D-Bus configuration
+Needs-Info: unpacked
+
+Tag: dbus-policy-at-console
+Severity: normal
+Certainty: certain
+Info: The package contains D-Bus policy configuration that uses the
+ deprecated <tt>at_console</tt> condition to impose a different policy
+ for users who are "logged in at the console" according to
+ systemd-logind, ConsoleKit or similar APIs, such as:
+ .
+ <policy context="default">
+ <deny send_destination="com.example.PowerManagementDaemon"/>
+ </policy>
+ <policy at_console="true">
+ <allow send_destination="com.example.PowerManagementDaemon"/>
+ </policy>
+ .
+ The maintainers of D-Bus recommend that services should allow or deny
+ method calls according to broad categories that are not typically altered
+ by the system administrator (usually either "all users", or only root
+ and/or a specified system user). If finer-grained authorization
+ is required, the service should accept the method call message, then call
+ out to PolicyKit to decide whether to honor the request. PolicyKit can
+ use system-administrator-configurable policies to make that decision,
+ including distinguishing between users who are "at the console" and
+ those who are not.
+Ref: https://bugs.freedesktop.org/show_bug.cgi?id=39611
+Experimental: yes
+
+Tag: dbus-policy-without-send-destination
+Severity: normal
+Certainty: possible
+Info: The package contains D-Bus policy configuration that uses
+ one of the <tt>send_*</tt> conditions but does not specify a
+ <tt>send_destination</tt>.
+ .
+ Rules of the form
+ .
+ <allow send_interface="com.example.MyInterface"/>
+ .
+ allow messages with the given interface to be sent to <i>any</i>
+ service, not just the one installing the rule, which is rarely
+ what was intended.
+ .
+ Similarly, on the system bus, rules of the form
+ .
+ <deny send_interface="com.example.MyInterface"/>
+ .
+ are redundant with the system bus' default-deny policy, and have
+ unintended effects on other services.
+Ref: https://bugs.freedesktop.org/show_bug.cgi?id=18961,http://lists.freedesktop.org/archives/dbus/2008-February/009401.html
+Experimental: yes
diff --git a/checks/dbus.pm b/checks/dbus.pm
new file mode 100644
index 0000000..9e9e16d
--- /dev/null
+++ b/checks/dbus.pm
@@ -0,0 +1,87 @@
+# dbus -- lintian check script, vaguely based on apache2 -*- perl -*-
+#
+# Copyright © 2012 Arno Töll
+# Copyright © 2014 Collabora Ltd.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, you can find it on the World Wide
+# Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free
+# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+# MA 02110-1301, USA.
+
+package Lintian::dbus;
+
+use strict;
+use warnings;
+use autodie;
+
+use Lintian::Tags qw(tag);
+
+sub run {
+ my ($pkg, $type, $info) = @_;
+
+ if ($type eq 'binary') {
+ foreach my $file ($info->sorted_index) {
+ next if $file->is_dir;
+
+ if ($file =~ m{^etc/dbus-1/(?:system|session).d/}) {
+ my $filename = $info->unpacked($file);
+ next if -l $filename;
+ _check_policy($file, $filename);
+ }
+ }
+ }
+ return;
+}
+
+sub _check_policy {
+ my $file = shift;
+ my $filename = shift;
+ my $callback = shift;
+
+ open(my $fh, '<', $filename);
+ my $xml;
+ {
+ local $/; # read-whole-file mode
+ $xml = <$fh>;
+ }
+ close $fh;
+
+ # Parsing XML via regexes is evil, but good enough here...
+ # note that we are parsing the entire file as one big string,
+ # so that we catch <policy\nat_console="true"\n> or whatever.
+
+ if ($xml =~ m{<policy[^>]+at_console=(["'])true\1.*?</policy>}s) {
+ tag('dbus-policy-at-console', $file);
+ }
+
+ my @rules;
+ while ($xml =~ m{(<(?:allow|deny)[^>]+send_\w+=[^>]+>)}sg) {
+ push @rules, $1;
+ }
+ foreach my $rule (@rules) {
+ if ($rule !~ m{send_destination=}) {
+ # normalize whitespace a bit
+ $rule =~ s{\s+}{ }g;
+ tag('dbus-policy-without-send-destination', $file, $rule);
+ }
+ }
+}
+
+1;
+
+# Local Variables:
+# indent-tabs-mode: nil
+# cperl-indent-level: 4
+# End:
+# vim: syntax=perl sw=4 sts=4 sr et
--
2.1.1
Reply to: