Bug 316033 - net-dns/dnsmasq appears to install unwanted configuration file with dbus USE flag
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: AMD64 Linux
Importance: High normal
Assignee: Patrick McLean
Reported: 2010-04-18 22:51 UTC by ta2002
Modified: 2011-10-30 22:41 UTC

Description ta2002 2010-04-18 22:51:56 UTC
This is more something that looks wrong rather than something I know is wrong.

With the dbus USE flag, the dnsmasq ebuild goes through:

        if use dbus ; then
                insinto /etc/dbus-1/system.d
                doins dbus/dnsmasq.conf
        fi

This installs the file dnsmasq-2.50/dbus/dnsmasq.conf (from the tarball) into /etc/dbus-1/system.d/

This file contains:

<!DOCTYPE busconfig PUBLIC
 "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
        <policy user="root">
                <allow own="uk.org.thekelleys.dnsmasq"/>
                <allow send_destination="uk.org.thekelleys.dnsmasq"/>
        </policy>
        <policy context="default">
                <deny own="uk.org.thekelleys.dnsmasq"/>
                <deny send_destination="uk.org.thekelleys.dnsmasq"/>
        </policy>
</busconfig>

This looks like some type of example configuration, and not something ordinary users (especially those using the dbus USE flag for other purposes, and not specifically wanting the dbus capabilities in dnsmasq) would necessarily want on a live system.
Comment 1 Patrick McLean gentoo-dev 2010-04-20 03:16:54 UTC
This is definitely something that someone using the dbus capabilities of dnsmasq would want, though. It allows root to change the dbus configuration, and nobody else. This is probably the desired default behaviour.

If you are not using dbus in dnsmasq, and don't want this file on your system, you can use /etc/portage/package.use to remove the dbus flag from dnsmasq and leave it on for everything else.
Comment 2 ta2002 2010-04-20 07:19:30 UTC
I have no complaints about enabling the dbus capabilities of dnsmasq.

My question is why should the lines:

<allow own="uk.org.thekelleys.dnsmasq"/>
<allow send_destination="uk.org.thekelleys.dnsmasq"/>

be put into a live configuration file (instead of /usr/share) by default?

That seems very wrong to me.
Comment 3 ta2002 2010-05-01 02:48:04 UTC
Reopening under security.

Installing by default a configuration file that sends messages to uk.org.thekelleys.dnsmasq is a security issue.
Comment 4 Patrick McLean gentoo-dev 2010-05-05 16:13:54 UTC
This is not a security issue; the file it installs is restricting access to changing dnsmasq settings to root only, which is _good_ for security. Without this file, any local user would be able to talk to dnsmasq through dbus and potentially change settings.

If you prefer not to have this file on your system, you can use /etc/portage/package.use to disable the dbus USE flag for dnsmasq.
Comment 5 Patrick McLean gentoo-dev 2010-05-05 16:24:07 UTC
The whole context of the part of the config file you are worried about is this:

        <policy user="root">
                <allow own="uk.org.thekelleys.dnsmasq"/>
                <allow send_destination="uk.org.thekelleys.dnsmasq"/>
        </policy>

Notice the "<policy user="root">", that is restricting it to root. Lines in XML config files are context-sensitive, not stand alone.
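
The scoping described in Comment 5, as an added example that is not part of the bug thread or of the dnsmasq or D-Bus code: a simplified model of how dbus-daemon applies <policy> blocks (default context first, then the matching user, then mandatory, with later matching rules overriding earlier ones), run over the policy file quoted in the description. It assumes single-attribute rules and ignores group, at_console and wildcard matching; the function names and the user "alice" are hypothetical.

```python
import xml.etree.ElementTree as ET

NAME = "uk.org.thekelleys.dnsmasq"

# Policy file quoted in the bug description (DOCTYPE line omitted here).
DNSMASQ_POLICY = """<busconfig>
  <policy user="root">
    <allow own="uk.org.thekelleys.dnsmasq"/>
    <allow send_destination="uk.org.thekelleys.dnsmasq"/>
  </policy>
  <policy context="default">
    <deny own="uk.org.thekelleys.dnsmasq"/>
    <deny send_destination="uk.org.thekelleys.dnsmasq"/>
  </policy>
</busconfig>"""

def applicable_policies(root, user):
    """Yield <policy> blocks in application order: default, user, mandatory."""
    policies = root.findall("policy")
    yield from (p for p in policies if p.get("context") == "default")
    yield from (p for p in policies if p.get("user") == user)
    yield from (p for p in policies if p.get("context") == "mandatory")

def decide(xml_text, user, attr, name):
    """Return 'allow', 'deny', or None when no rule matches (bus-wide default applies)."""
    verdict = None
    for policy in applicable_policies(ET.fromstring(xml_text), user):
        for rule in policy:
            if rule.tag in ("allow", "deny") and rule.get(attr) == name:
                verdict = rule.tag  # a later matching rule overrides an earlier one
    return verdict

def unscoped_allows(xml_text):
    """List <allow> rules that would apply to every user, not just a named one."""
    root = ET.fromstring(xml_text)
    return [dict(rule.attrib)
            for policy in root.findall("policy")
            if policy.get("context") in ("default", "mandatory")
            for rule in policy.findall("allow")]

if __name__ == "__main__":
    for user in ("root", "alice"):  # "alice" is a constructed unprivileged user
        for attr in ("own", "send_destination"):
            print(user, attr, decide(DNSMASQ_POLICY, user, attr, NAME))
    print("allow rules open to all users:", unscoped_allows(DNSMASQ_POLICY))
```

The same unscoped_allows check can be pointed at any file under /etc/dbus-1/system.d to confirm that every <allow> line sits inside a user-scoped policy block.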