|
 |
5789ae |
From 763eaa49343acdda5ff359012e8cc49c9ffc8e81 Mon Sep 17 00:00:00 2001
|
|
|
5789ae |
From: Vincent Bernat <vincent@bernat.ch>
|
|
|
5789ae |
Date: Tue, 23 Nov 2021 06:50:59 +0100
|
|
|
5789ae |
Subject: [PATCH] dbus: fix policy to not be overly broad
|
|
|
5789ae |
|
|
|
5789ae |
The DBus policy did not restrict the message destination, allowing any
|
|
|
5789ae |
user to inspect and manipulate any property.
|
|
|
5789ae |
|
|
|
5789ae |
Signed-off-by: Vincent Bernat <vincent@bernat.ch>
|
|
|
5789ae |
---
|
|
|
5789ae |
keepalived/dbus/org.keepalived.Vrrp1.conf | 13 ++++++++-----
|
|
|
5789ae |
1 file changed, 8 insertions(+), 5 deletions(-)
|
|
|
5789ae |
|
|
|
5789ae |
diff --git a/keepalived/dbus/org.keepalived.Vrrp1.conf b/keepalived/dbus/org.keepalived.Vrrp1.conf
|
|
|
5789ae |
index 2b78a575..b5ced608 100644
|
|
|
5789ae |
--- a/keepalived/dbus/org.keepalived.Vrrp1.conf
|
|
|
5789ae |
+++ b/keepalived/dbus/org.keepalived.Vrrp1.conf
|
|
|
5789ae |
@@ -3,12 +3,15 @@
|
|
|
5789ae |
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
|
|
|
5789ae |
<busconfig>
|
|
|
5789ae |
<policy user="root">
|
|
|
5789ae |
- <allow own="org.keepalived.Vrrp1"/>
|
|
|
5789ae |
- <allow send_destination="org.keepalived.Vrrp1"/>
|
|
|
5789ae |
+ <allow own="org.keepalived.Vrrp1" />
|
|
|
5789ae |
+ <allow send_destination="org.keepalived.Vrrp1" />
|
|
|
5789ae |
</policy>
|
|
|
5789ae |
<policy context="default">
|
|
|
5789ae |
- <allow send_interface="org.freedesktop.DBus.Introspectable" />
|
|
|
5789ae |
- <allow send_interface="org.freedesktop.DBus.Peer" />
|
|
|
5789ae |
- <allow send_interface="org.freedesktop.DBus.Properties" />
|
|
|
5789ae |
+
|
|
|
5789ae |
+ send_interface="org.freedesktop.DBus.Introspectable" />
|
|
|
5789ae |
+
|
|
|
5789ae |
+ send_interface="org.freedesktop.DBus.Peer" />
|
|
|
5789ae |
+
|
|
|
5789ae |
+ send_interface="org.freedesktop.DBus.Properties" />
|
|
|
5789ae |
</policy>
|
|
|
5789ae |
</busconfig>
|
|
|
5789ae |
--
|
|
|
5789ae |
2.33.1
|
|
|
5789ae |
|