
Bug#858635: marked as done (unblock (pre-approval): dbus/1.10.18-1 with #857660 fixed)



Your message dated Mon, 10 Apr 2017 15:24:00 +0000
with message-id <c4124e91-8342-5348-9c65-bd09dbf6cdbd@thykier.net>
and subject line Re: Bug#858635: unblock (pre-approval): dbus/1.10.18-1 with #857660 fixed
has caused the Debian Bug report #858635,
regarding unblock (pre-approval): dbus/1.10.18-1 with #857660 fixed
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
858635: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858635
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

I would like to check whether the fix for #857660 (fd.o #92832) is
something the release team would be comfortable with seeing in stretch,
or whether it should be deferred to buster. I was recently able to get
it tested and reviewed by SELinux users other than its author.
It is already fixed in experimental (1.11.x, targeted to become 1.12.x in
buster), and I haven't had bug reports about 1.11.x from Fedora (who
adopted it early for some reason).

If the release team approves in principle, I'll either release just
this change as 1.10.18, or include it in a 1.10.18 that fixes some more
serious bug or vulnerability if one comes up. If not, I'll revert it
from the 1.10.x branch, and it can wait for buster. I have no particular
horse in this race: I don't use SELinux, and it's only a normal-severity
bug, so I'm happy to either fix it or revert.

Git diff attached; the actual debdiff would be this, plus debian/changelog,
plus some Autotools noise.

Thanks,
    S
diff --git a/NEWS b/NEWS
index 59efcfa7..27fe726d 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,12 @@
+D-Bus 1.10.18 (UNRELEASED)
+==
+
+Fixes:
+
+• Re-order dbus-daemon startup so that on SELinux systems, the thread
+  that reads AVC notifications retains the ability to write to the
+  audit log (fd.o #92832, Debian #857660; Laurent Bigonville)
+
 D-Bus 1.10.16 (2017-02-16)
 ==
 
@@ -24,7 +33,7 @@ Fixes:
 
   On Unix systems we strongly recommend using only the unix: and systemd:
   transports, together with EXTERNAL authentication. These are the only
-  transports and authentication mechanisms enabled by default,
+  transports and authentication mechanisms enabled by default.
 
   (fd.o #99828, Simon McVittie)
 
diff --git a/bus/bus.c b/bus/bus.c
index 128ae3c2..fd4ab9e4 100644
--- a/bus/bus.c
+++ b/bus/bus.c
@@ -931,6 +931,27 @@ bus_context_new (const DBusString *config_file,
       !_dbus_pipe_is_stdout_or_stderr (print_pid_pipe))
     _dbus_pipe_close (print_pid_pipe, NULL);
 
+  /* Here we change our credentials if required,
+   * as soon as we've set up our sockets and pidfile.
+   * This must be done before initializing LSMs, so that the netlink
+   * monitoring thread started by avc_init() will not lose CAP_AUDIT_WRITE
+   * when the main thread calls setuid().
+   * https://bugs.freedesktop.org/show_bug.cgi?id=92832
+   */
+  if (context->user != NULL)
+    {
+      if (!_dbus_change_to_daemon_user (context->user, error))
+	{
+	  _DBUS_ASSERT_ERROR_IS_SET (error);
+	  goto failed;
+	}
+    }
+
+  /* Auditing should be initialized before LSMs, so that the LSMs are able
+   * to log audit-events that happen during their initialization.
+   */
+  bus_audit_init (context);
+
   if (!bus_selinux_full_init ())
     {
       bus_context_log (context, DBUS_SYSTEM_LOG_FATAL, "SELinux enabled but D-Bus initialization failed; check system log\n");
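Review bot: moving _dbus_change_to_daemon_user() ahead of bus_selinux_full_init() (and the AppArmor initialization that follows it) changes the credentials those initializers run under, from root to the configured daemon user, and the new comment only justifies the ordering for the avc_init() thread keeping CAP_AUDIT_WRITE. It would help to state in the comment which capabilities _dbus_change_to_daemon_user() retains and that the LSM initializers need nothing beyond those; otherwise a later re-ordering could silently reintroduce the lost-capability problem. Note that bus_audit_init() already ran after the credential change in the old layout, so only its position relative to the LSMs is new, which the second comment covers.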
@@ -950,6 +971,11 @@ bus_context_new (const DBusString *config_file,
                          "AppArmor D-Bus mediation is enabled\n");
     }
 
+  /* When SELinux is used, this must happen after bus_selinux_full_init()
+   * so that it has access to the access vector cache, which is required
+   * to process <associate/> elements.
+   * http://lists.freedesktop.org/archives/dbus/2008-October/010491.html
+   */
   if (!process_config_postinit (context, parser, error))
     {
       _DBUS_ASSERT_ERROR_IS_SET (error);
@@ -962,20 +988,6 @@ bus_context_new (const DBusString *config_file,
       parser = NULL;
     }
 
-  /* Here we change our credentials if required,
-   * as soon as we've set up our sockets and pidfile
-   */
-  if (context->user != NULL)
-    {
-      if (!_dbus_change_to_daemon_user (context->user, error))
-	{
-	  _DBUS_ASSERT_ERROR_IS_SET (error);
-	  goto failed;
-	}
-    }
-
-  bus_audit_init (context);
-
   dbus_server_free_data_slot (&server_data_slot);
 
   return context;
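Review bot: the block removed here sat after process_config_postinit(), so in the old layout that call ran with root credentials; with the credential change moved earlier it now runs as the daemon user, and neither relocated comment mentions that consequence. Please confirm process_config_postinit() needs no root-only resource, and consider adding a line to the new comment saying that everything after the credential change, including the <associate/> processing, now executes unprivileged.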
diff --git a/configure.ac b/configure.ac
index 9ad52fff..db4679d4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3,7 +3,7 @@ AC_PREREQ([2.63])
 
 m4_define([dbus_major_version], [1])
 m4_define([dbus_minor_version], [10])
-m4_define([dbus_micro_version], [16])
+m4_define([dbus_micro_version], [17])
 m4_define([dbus_version],
           [dbus_major_version.dbus_minor_version.dbus_micro_version])
 AC_INIT([dbus],[dbus_version],[https://bugs.freedesktop.org/enter_bug.cgi?product=dbus],[dbus])
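Review bot: dbus_micro_version goes to 17 here while the NEWS hunk in the same diff announces 1.10.18 (UNRELEASED). If the odd micro number is the intended development snapshot ahead of the 1.10.18 release, that is fine, but make sure the eventual release commit bumps it to 18 so the tagged package version matches the NEWS heading.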

--- End Message ---
--- Begin Message ---
Cyril Brulebois:
> Cyril Brulebois <kibi@debian.org> (2017-04-06):
>> My objection right now is only about the timing, I'm not trying to get
>> your work delayed until after stretch. I think I've already done some
>> extra work in the past to make sure stuff which weren't block-udeb'd got
>> into testing after the release.
> 
> It's fine to merge this now, thanks.
> 
> 
> KiBi.
> 

Unblocked, thanks.

~Niels

--- End Message ---
