|
 |
660c7a |
From 763eaa49343acdda5ff359012e8cc49c9ffc8e81 Mon Sep 17 00:00:00 2001
|
|
|
660c7a |
From: Vincent Bernat <vincent@bernat.ch>
|
|
|
660c7a |
Date: Tue, 23 Nov 2021 06:50:59 +0100
|
|
|
660c7a |
Subject: [PATCH] dbus: fix policy to not be overly broad
|
|
|
660c7a |
|
|
|
660c7a |
The DBus policy did not restrict the message destination, allowing any
|
|
|
660c7a |
user to inspect and manipulate any property.
|
|
|
660c7a |
|
|
|
660c7a |
Signed-off-by: Vincent Bernat <vincent@bernat.ch>
|
|
|
660c7a |
---
|
|
|
660c7a |
keepalived/dbus/org.keepalived.Vrrp1.conf | 13 ++++++++-----
|
|
|
660c7a |
1 file changed, 8 insertions(+), 5 deletions(-)
|
|
|
660c7a |
|
|
|
660c7a |
diff --git a/keepalived/dbus/org.keepalived.Vrrp1.conf b/keepalived/dbus/org.keepalived.Vrrp1.conf
|
|
|
660c7a |
index 2b78a575..b5ced608 100644
|
|
|
660c7a |
--- a/keepalived/dbus/org.keepalived.Vrrp1.conf
|
|
|
660c7a |
+++ b/keepalived/dbus/org.keepalived.Vrrp1.conf
|
|
|
660c7a |
@@ -3,12 +3,15 @@
|
|
|
660c7a |
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
|
|
|
660c7a |
<busconfig>
|
|
|
660c7a |
<policy user="root">
|
|
|
660c7a |
- <allow own="org.keepalived.Vrrp1"/>
|
|
|
660c7a |
- <allow send_destination="org.keepalived.Vrrp1"/>
|
|
|
660c7a |
+ <allow own="org.keepalived.Vrrp1" />
|
|
|
660c7a |
+ <allow send_destination="org.keepalived.Vrrp1" />
|
|
|
660c7a |
</policy>
|
|
|
660c7a |
<policy context="default">
|
|
|
660c7a |
- <allow send_interface="org.freedesktop.DBus.Introspectable" />
|
|
|
660c7a |
- <allow send_interface="org.freedesktop.DBus.Peer" />
|
|
|
660c7a |
- <allow send_interface="org.freedesktop.DBus.Properties" />
|
|
|
660c7a |
+
|
|
|
660c7a |
+ send_interface="org.freedesktop.DBus.Introspectable" />
|
|
|
660c7a |
+
|
|
|
660c7a |
+ send_interface="org.freedesktop.DBus.Peer" />
|
|
|
660c7a |
+
|
|
|
660c7a |
+ send_interface="org.freedesktop.DBus.Properties" />
|
|
|
660c7a |
</policy>
|
|
|
660c7a |
</busconfig>
|
|
|
660c7a |
--
|
|
|
660c7a |
2.33.1
|
|
|
660c7a |
|