
Bug#762609: marked as done (lintian: new checks: deprecated D-Bus policies)



Your message dated Fri, 24 Oct 2014 22:24:43 +0000
with message-id <E1XhnHn-0002R1-3E@franck.debian.org>
and subject line Bug#762609: fixed in lintian 2.5.29
has caused the Debian Bug report #762609,
regarding lintian: new checks: deprecated D-Bus policies
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
762609: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762609
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: lintian
Version: 2.5.27
Severity: wishlist
Tags: patch

The policy/ACL syntax in dbus-daemon's configuration files has a couple of
modes that are supported, but either deprecated or likely to be a bad idea:

* <policy at_console="true"> is considered deprecated, with the
  recommendation that services wishing to behave differently for
  locally-logged-in users should use PolicyKit;

* <(allow|deny) send_interface="..."> without an accompanying
  send_destination attribute has a global effect on all bus clients,
  not just the one the package's maintainer is thinking about,
  so it should be avoided where possible

In the short term, I would like lintian.debian.org to tell me how many
of our packages fall foul of these traps; longer-term, I would like
lintian to complain about them so maintainers fix them.

Please consider the attached check. It is marked experimental, for now,
until I get a better idea of the size of the problem.

bluez_5.23-1_amd64.deb is one example of a package that triggers both
of these tags.

Regards,
    S

-- System Information:
Debian Release: jessie/sid
  APT prefers proposed-updates
  APT policy: (500, 'proposed-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages lintian depends on:
ii  binutils                       2.24.51.20140918-1
ii  bzip2                          1.0.6-7
ii  diffstat                       1.58-1
ii  file                           1:5.19-2
ii  gettext                        0.19.2-2
ii  hardening-includes             2.5+nmu1
ii  intltool-debian                0.35.0+20060710.1
ii  libapt-pkg-perl                0.1.29+b2
ii  libarchive-zip-perl            1.38-1
ii  libclass-accessor-perl         0.34-1
ii  libclone-perl                  0.37-1+b1
ii  libdpkg-perl                   1.17.13
ii  libemail-valid-perl            1.195-1
ii  libfile-basedir-perl           0.03-1
ii  libipc-run-perl                0.92-1
ii  liblist-moreutils-perl         0.33-2+b1
ii  libparse-debianchangelog-perl  1.2.0-1.1
ii  libtext-levenshtein-perl       0.09-1
ii  libtimedate-perl               2.3000-2
ii  liburi-perl                    1.64-1
ii  man-db                         2.7.0-1
ii  patchutils                     0.3.3-1
ii  perl [libdigest-sha-perl]      5.20.1-1
ii  t1utils                        1.37-2.1

Versions of packages lintian recommends:
ii  libautodie-perl                 2.25-1
ii  libperlio-gzip-perl             0.18-3+b1
ii  perl                            5.20.1-1
ii  perl-modules [libautodie-perl]  5.20.1-1

Versions of packages lintian suggests:
ii  binutils-multiarch     2.24.51.20140918-1
ii  dpkg-dev               1.17.13
ii  libhtml-parser-perl    3.71-1+b2
ii  libtext-template-perl  1.46-1
ii  libyaml-perl           1.11-1
ii  xz-utils               5.1.1alpha+20120614-2

-- no debconf information
From d9bc5a624a066ded3ebf22806ddb2ff5d39c5a71 Mon Sep 17 00:00:00 2001
From: Simon McVittie <simon.mcvittie@collabora.co.uk>
Date: Tue, 23 Sep 2014 18:36:21 +0100
Subject: [PATCH] Add checks for deprecated D-Bus policies

---
 checks/dbus.desc | 57 +++++++++++++++++++++++++++++++++++++
 checks/dbus.pm   | 87 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 144 insertions(+)
 create mode 100644 checks/dbus.desc
 create mode 100644 checks/dbus.pm

diff --git a/checks/dbus.desc b/checks/dbus.desc
new file mode 100644
index 0000000..1fe8475
--- /dev/null
+++ b/checks/dbus.desc
@@ -0,0 +1,57 @@
+Check-Script: dbus
+Author: Simon McVittie <simon.mcvittie@collabora.co.uk>
+Abbrev: dbus
+Type: binary
+Info: Checks for deprecated or harmful D-Bus configuration
+Needs-Info: unpacked
+
+Tag: dbus-policy-at-console
+Severity: normal
+Certainty: certain
+Info: The package contains D-Bus policy configuration that uses the
+ deprecated <tt>at_console</tt> condition to impose a different policy
+ for users who are "logged in at the console" according to
+ systemd-logind, ConsoleKit or similar APIs, such as:
+ .
+   &lt;policy context="default"&gt;
+     &lt;deny send_destination="com.example.PowerManagementDaemon"/&gt;
+   &lt;/policy&gt;
+   &lt;policy at_console="true"&gt;
+     &lt;allow send_destination="com.example.PowerManagementDaemon"/&gt;
+   &lt;/policy&gt;
+ .
+ The maintainers of D-Bus recommend that services should allow or deny
+ method calls according to broad categories that are not typically altered
+ by the system administrator (usually either "all users", or only root
+ and/or a specified system user). If finer-grained authorization
+ is required, the service should accept the method call message, then call
+ out to PolicyKit to decide whether to honor the request. PolicyKit can
+ use system-administrator-configurable policies to make that decision,
+ including distinguishing between users who are "at the console" and
+ those who are not.
+Ref: https://bugs.freedesktop.org/show_bug.cgi?id=39611
+Experimental: yes
+
+Tag: dbus-policy-without-send-destination
+Severity: normal
+Certainty: possible
+Info: The package contains D-Bus policy configuration that uses
+ one of the <tt>send_*</tt> conditions but does not specify a
+ <tt>send_destination</tt>.
+ .
+ Rules of the form
+ .
+   &lt;allow send_interface="com.example.MyInterface"/&gt;
+ .
+ allow messages with the given interface to be sent to <i>any</i>
+ service, not just the one installing the rule, which is rarely
+ what was intended.
+ .
+ Similarly, on the system bus, rules of the form
+ .
+   &lt;deny send_interface="com.example.MyInterface"/&gt;
+ .
+ are redundant with the system bus' default-deny policy, and have
+ unintended effects on other services.
+Ref: https://bugs.freedesktop.org/show_bug.cgi?id=18961,http://lists.freedesktop.org/archives/dbus/2008-February/009401.html
+Experimental: yes
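Review bot: the Info text for dbus-policy-without-send-destination shows the problematic <allow send_interface="..."/> and <deny send_interface="..."/> forms but never shows the corrected rule, so a maintainer who hits the tag has to work out the fix alone. Suggest adding, after the "rarely what was intended" paragraph, an example that pairs the condition with a destination, such as &lt;allow send_destination="com.example.MyService" send_interface="com.example.MyInterface"/&gt;. The deny paragraph is worded for the system bus only, while the check in dbus.pm also scans session.d, so a sentence on what a session bus package should do would help. Minor: the Ref field joins its two URLs with a bare comma; a space after the comma would make it easier to read.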
diff --git a/checks/dbus.pm b/checks/dbus.pm
new file mode 100644
index 0000000..9e9e16d
--- /dev/null
+++ b/checks/dbus.pm
@@ -0,0 +1,87 @@
+# dbus -- lintian check script, vaguely based on apache2 -*- perl -*-
+#
+# Copyright © 2012 Arno Töll
+# Copyright © 2014 Collabora Ltd.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, you can find it on the World Wide
+# Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free
+# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+# MA 02110-1301, USA.
+
+package Lintian::dbus;
+
+use strict;
+use warnings;
+use autodie;
+
+use Lintian::Tags qw(tag);
+
+sub run {
+    my ($pkg, $type, $info) = @_;
+
+    if ($type eq 'binary') {
+        foreach my $file ($info->sorted_index) {
+            next if $file->is_dir;
+
+            if ($file =~ m{^etc/dbus-1/(?:system|session).d/}) {
+                my $filename = $info->unpacked($file);
+                next if -l $filename;
+                _check_policy($file, $filename);
+            }
+        }
+    }
+    return;
+}
+
+sub _check_policy {
+    my $file = shift;
+    my $filename = shift;
+    my $callback = shift;
+
+    open(my $fh, '<', $filename);
+    my $xml;
+    {
+        local $/;   # read-whole-file mode
+        $xml = <$fh>;
+    }
+    close $fh;
+
+    # Parsing XML via regexes is evil, but good enough here...
+    # note that we are parsing the entire file as one big string,
+    # so that we catch <policy\nat_console="true"\n> or whatever.
+
+    if ($xml =~ m{<policy[^>]+at_console=(["'])true\1.*?</policy>}s) {
+        tag('dbus-policy-at-console', $file);
+    }
+
+    my @rules;
+    while ($xml =~ m{(<(?:allow|deny)[^>]+send_\w+=[^>]+>)}sg) {
+        push @rules, $1;
+    }
+    foreach my $rule (@rules) {
+        if ($rule !~ m{send_destination=}) {
+            # normalize whitespace a bit
+            $rule =~ s{\s+}{ }g;
+            tag('dbus-policy-without-send-destination', $file, $rule);
+        }
+    }
+}
+
+1;
+
+# Local Variables:
+# indent-tabs-mode: nil
+# cperl-indent-level: 4
+# End:
+# vim: syntax=perl sw=4 sts=4 sr et
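Review bot: in run(), the path pattern m{^etc/dbus-1/(?:system|session).d/} leaves the "." unescaped, so it matches any character before "d/"; write it as \.d/. In _check_policy, "my $callback = shift;" is never used and the only caller passes two arguments, so it can be dropped. Both regexes run over the raw file text, so a <policy at_console="true"> block or a send_* rule that sits inside an XML comment will still be tagged; since dbus-policy-at-console is declared "Certainty: certain" in dbus.desc, consider removing <!-- ... --> spans from $xml before matching. _check_policy also ends without an explicit "return;", unlike run().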
-- 
2.1.1


--- End Message ---
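
The two policy patterns described in the report above, checked with a real XML parser rather than the patch's regexes, so that commented-out rules are not reported. This is an added example, not part of the original message or of lintian; check_policy and SAMPLE_POLICY are hypothetical names, the sample policy is constructed, and only the two tag names come from the patch.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy (not taken from any real package).
SAMPLE_POLICY = """<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
  <policy context="default">
    <!-- <allow send_interface="com.example.Commented"/> -->
    <allow send_interface="com.example.MyInterface"/>
    <allow send_destination="com.example.MyService"
           send_interface="com.example.MyInterface"/>
  </policy>
  <policy at_console="true">
    <allow send_destination="com.example.MyService"/>
  </policy>
</busconfig>
"""


def check_policy(xml_text):
    """Return (tag, detail) findings for one D-Bus policy file."""
    # The default ElementTree parser drops comments, so rules that are
    # commented out never reach the loop below.
    root = ET.fromstring(xml_text)
    findings = []
    for policy in root.iter("policy"):
        # Same condition as the patch: only at_console="true" is reported.
        if policy.get("at_console") == "true":
            findings.append(("dbus-policy-at-console", 'at_console="true"'))
        for rule in policy:
            if rule.tag not in ("allow", "deny"):
                continue
            send_attrs = sorted(a for a in rule.attrib if a.startswith("send_"))
            # A send_* condition with no send_destination applies to
            # messages sent to every service on the bus.
            if send_attrs and "send_destination" not in rule.attrib:
                conds = " ".join('%s="%s"' % (a, rule.get(a)) for a in send_attrs)
                findings.append(("dbus-policy-without-send-destination",
                                 "<%s %s>" % (rule.tag, conds)))
    return findings


if __name__ == "__main__":
    for tag, detail in check_policy(SAMPLE_POLICY):
        print(tag, detail)
```
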
--- Begin Message ---
Source: lintian
Source-Version: 2.5.29

We believe that the bug you reported is fixed in the latest version of
lintian, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 762609@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Niels Thykier <niels@thykier.net> (supplier of updated lintian package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 24 Oct 2014 23:15:52 +0200
Source: lintian
Binary: lintian
Architecture: source all
Version: 2.5.29
Distribution: unstable
Urgency: medium
Maintainer: Debian Lintian Maintainers <lintian-maint@debian.org>
Changed-By: Niels Thykier <niels@thykier.net>
Description:
 lintian    - Debian package checker
Closes: 762609 763773 765311 765995 766033 766468
Changes:
 lintian (2.5.29) unstable; urgency=medium
 .
   * Summary of tag changes:
     + Added:
       - dbus-policy-at-console
       - dbus-policy-without-send-destination
       - dbus-session-service-wrong-name
       - dbus-system-service-wrong-name
       - invalid-profile-name-in-build-profiles-field
       - invalid-profile-name-in-source-relation
       - invalid-restriction-formula-in-build-profiles-field
       - restriction-formula-with-debhelper-with-conflicting-version
       - restriction-formula-with-debhelper-without-debhelper-version
       - restriction-formula-with-versioned-dpkg-dev-conflict
       - restriction-formula-without-versioned-dpkg-dev-dependency
     + Removed:
       - invalid-restriction-label-in-source-relation
       - invalid-restriction-namespace-in-source-relation
       - invalid-restriction-term-in-source-relation
       - restriction-list-with-debhelper-with-conflicting-debhelper-version
       - restriction-list-with-debhelper-without-debhelper-version
       - restriction-list-with-versioned-dpkg-dev-conflict
       - restriction-list-without-versioned-dpkg-dev-dependency
       - stageX-profile-used-but-no-binary-package-dropped
 .
   * checks/{control-file,fields}.{desc,pm}:
     + [NT] Apply patch from Johannes Schauer to support the
       new build profile syntax.  (Closes: #763773)
   * checks/dbus.{desc,pm}:
     + [NT] New check by Simon McVittie to discover some dbus
       related issues.  (Closes: #762609)
   * checks/nmu.pm:
     + [JW] Avoid chopping off trailing ">" in emails in the
       canonicalize subroutine.  (Closes: #766468)
   * checks/rules.pm:
     + [JW,NT] Fix undef warning for packages with an
       empty d/rules file.  (Closes: #766033)
   * checks/source-copyright.pm:
     + [NT] Apply patch from Johannes Schauer to optimise the
       check.
     + [NT] Optimise for "dir/*" wildcards in DEP-5 copyright
       files.
   * checks/watch-file.pm:
     + [NT] Fix undef warning with some watch files.  Thanks
       to Axel Beckert for reporting the bug.
       (Closes: #765995)
 .
   * collection/{bin-pkg-control,unpacked}:
     + [NT] Pass "-m" to tar to make it avoid "correcting" the
       timestamp of the extracted files.  Lintian does not need
       it for correctness, so it can make tar save a few syscalls
       here.
     + [NT] Explicitly pass tar options to make it extract files
       as the current user and applying the users umask.  This is
       mostly to be explicit about how things are extracted.
   * collection/file-info:
     + [NT] Stop collecting file-info for "non-files".  The output
       is not used and often trivial / predictable from other data
       input already available.
   * collection/strings:
     + [NT] Stop creating "elf-index" file as nothing uses it.
   * collection/unpacked:
     + [NT] Gracefully handle when symlink targets contain
       newlines.  Thanks to Faheem Mitha for reporting the bug.
       (Closes: #765311)
 .
   * frontend/lintian:
     + [NT] Aggressively reset the environment to a well-defined
       state at start up.  Only ENV variables starting with
       "LINTIAN_" (and a select few well known variables) are
       preserved.
     + [NT] Runtime for collections and checks now only requires
       a single --debug option.  Lintian will now also show
       runtime for other things (e.g. total runtimes).
     + [NT] Add --perf-debug and --perf-output options to enable
       logging for performance data.  This is mostly intended
       to allow collecting performance data from archive-wide
       runs.
     + [NT] Hide some options in the default output for --help.
       These can now be shown with "--help=extended".
     + [NT] Add a new "Developer/special usage options" section
       in the --help output for some options (e.g. --debug).
       This section is hidden by default.
 .
   * lib/Lintian/Relation.pm:
     + [NT] Unparsable entries are now included in relation
       objects rather than being silently discarded.
   * lib/Lintian/Util.pm:
     + [NT] Purge even more ENV variables in clean_env.
     + [NT] Add "pipe_tee" subroutine for tee'ing data from one
       input file descriptor to one or more output file
       descriptors.
 .
   * man/lintian.pod.in:
     + [NT] Document the performance logging options.
     + [NT] Add a new "Developer/special usage options" section
       in the --help output for some options (e.g. --debug).
 .
   * private/generate-html-docs:
     + [NT] Add doctype and encoding to generated files.
 .
   * reporting/harness:
     + [NT] Add missing import.
   * reporting/html_reports:
     + [NT] Correct the command line in the creation of the
       lintian.log.gz.
   * reporting/{html_reports,templates/*}:
     + [NT] Correct the generated HTML, which was invalid in
       some cases.
   * reporting/templates/{head,lintian.css}.tmpl:
     + [NT] Define a default "viewport".  This slightly improves
       the output on some mobile devices.
     + [NT] Add some special cases for "smaller" viewports in the
       style sheet.
   * reporting/templates/maintainer.tmpl:
     + [NT] Correct name of variable to avoid using an undefined
       variable.
 .
   * vendors/ubuntu/main/data/changes-file/known-dists:
     + [NT] Add "vivid" per request of Iain Lane.
Checksums-Sha1:
 7057229fb295cdd213c1d39a9570dad4e0c0b780 2693 lintian_2.5.29.dsc
 dd2de1aa72b612d923c7b9735c8ce1d2ac386a50 1181444 lintian_2.5.29.tar.xz
 53519af230c38aa368b0092ee45ded29899d2875 791866 lintian_2.5.29_all.deb
Checksums-Sha256:
 b946bf6a96cba7a9d2d76ba3ef143b31ce95ccb9dbf248361d091a9d515edd38 2693 lintian_2.5.29.dsc
 1525ece9ef6529ef015fe2b601a69b4cefc41168808352a40d7d477d54c5764d 1181444 lintian_2.5.29.tar.xz
 170ca7d58d71f20cf8ed5b6cd1783985dd120bb7edb6539113572d47c1934f6f 791866 lintian_2.5.29_all.deb
Files:
 c977afbfdd9cb272d21aa47422b9dd31 2693 devel optional lintian_2.5.29.dsc
 593c0be5c2c7fcd1013e19bff373d054 1181444 devel optional lintian_2.5.29.tar.xz
 0b3d164edb2cd238a61d752b0a2a6c43 791866 devel optional lintian_2.5.29_all.deb


--- End Message ---
