The AppArmor mediation code in dbus-daemon contains short circuits that allow method_return and error messages to pass through without being mediated. The thought is that the original message was allowed, so the reply should be allowed. However, D-Bus allows eavesdropping and the short circuits allow the eavesdropper to receive any method_return and error messages, even if the eavesdropper was not allowed to receive the original message.
$ echo "profile eve { file, dbus interface=org.freedesktop.DBus member={Hello,AddMatch}, }" | sudo apparmor_parser -qr
$ aa-exec -p eve -- dbus-monitor --session
...
method return sender=:1.15 -> dest=:1.51 reply_serial=27845
string "/org/ayatana/bamf/window/83886084"
method return sender=:1.15 -> dest=:1.51 reply_serial=27846
string "/org/ayatana/bamf/window/83886084"
This debdiff fixes this bug along with fixes for bug #1226356, bug #1233895,
and removes a compatibility patch that was not intended to make the 13.10
release.
Testing performed:
- Added tests for AppArmor mediation to QRT's test-dbus.py script:
http://
- Added tests for audit and deny AppArmor rule modifiers (bug #1226356) to
QRT's test-dbus.py script:
http://
- Manually verified that 'deny' and 'audit deny' dbus rules work as expected
(bug #1226356)
- Added eavesdropping mediation tests (for this bug) to QRT's test-dbus.py
script:
http://
- Verified that test-dbus.py, which uses python-dbus, passes all tests
- Verified that the AppArmor regression tests for dbus rules, which uses
libdbus, pass all tests:
http://
http://