
Bug 316033

Summary: net-dns/dnsmasq appears to install unwanted configuration file with dbus USE flag
Product: Gentoo Security
Reporter: ta2002 <throw_away_2002>
Component: Vulnerabilities
Assignee: Patrick McLean <chutzpah>
Status: RESOLVED INVALID
Severity: normal
Priority: High
Version: unspecified
Hardware: AMD64
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---

Description ta2002 2010-04-18 22:51:56 UTC
This is more something that looks wrong rather than something I know is wrong.

With the dbus USE flag, the dnsmasq ebuild goes through:

        if use dbus ; then
                insinto /etc/dbus-1/system.d
                doins dbus/dnsmasq.conf
        fi

This installs the file dnsmasq-2.50/dbus/dnsmasq.conf (from the tarball) into /etc/dbus-1/system.d/

This file contains:

<!DOCTYPE busconfig PUBLIC
 "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
        <policy user="root">
                <allow own="uk.org.thekelleys.dnsmasq"/>
                <allow send_destination="uk.org.thekelleys.dnsmasq"/>
        </policy>
        <policy context="default">
                <deny own="uk.org.thekelleys.dnsmasq"/>
                <deny send_destination="uk.org.thekelleys.dnsmasq"/>
        </policy>
</busconfig>

This looks like some type of example configuration, and not something ordinary users (especially those using the dbus USE flag for other purposes, and not specifically wanting the dbus capabilities in dnsmasq) would necessarily want on a live system.
Comment 1 Patrick McLean gentoo-dev 2010-04-20 03:16:54 UTC
This is definitely something that someone using the dbus capabilities of dnsmasq would want, though. It allows root to change the dbus configuration, and nobody else. This is probably the desired default behaviour.

If you are not using dbus in dnsmasq, and don't want this file on your system, you can use /etc/portage/package.use to remove the dbus flag from dnsmasq and leave it on for everything else.
Comment 2 ta2002 2010-04-20 07:19:30 UTC
I have no complaints about enabling the dbus capabilities of dnsmasq.

My question is why should the lines:

<allow own="uk.org.thekelleys.dnsmasq"/>
<allow send_destination="uk.org.thekelleys.dnsmasq"/>

be put into a live configuration file (instead of /usr/share) by default?

That seems very wrong to me.
Comment 3 ta2002 2010-05-01 02:48:04 UTC
Reopening under security.

Installing by default a configuration file that sends messages to uk.org.thekelleys.dnsmasq is a security issue.
Comment 4 Patrick McLean gentoo-dev 2010-05-05 16:13:54 UTC
This is not a security issue. The file it installs restricts access to changing dnsmasq settings to root only, which is _good_ for security. Without this file, any local user would be able to talk to dnsmasq through dbus and potentially change settings.

If you prefer not to have this file on your system, you can use /etc/portage/package.use to disable the dbus USE flag for dnsmasq.
Comment 5 Patrick McLean gentoo-dev 2010-05-05 16:24:07 UTC
The whole context of the part of the config file you are worried about is this:

       <policy user="root">
                <allow own="uk.org.thekelleys.dnsmasq"/>
                <allow send_destination="uk.org.thekelleys.dnsmasq"/>
        </policy>

Notice the "<policy user="root">", that is restricting it to root. Lines in XML config files are context-sensitive, not stand alone.
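To make the point in Comment 5 concrete, here is an added example (not part of the bug thread or of dnsmasq or dbus-daemon) that evaluates the quoted busconfig policy the way dbus-daemon does: default-context rules first, then group and user policies, then the mandatory context, with the last matching rule winning and no match meaning deny. It is a simplified model (no wildcard or prefix matching, and it ignores the other files dbus-daemon merges in); ALLOW_EVERYONE_CONF is a constructed counter-example showing what the same two allow lines would do if they really stood alone in the default context.

```python
import xml.etree.ElementTree as ET
NAME = "uk.org.thekelleys.dnsmasq"

# The dnsmasq.conf quoted in this bug (DOCTYPE line omitted for brevity).
DNSMASQ_CONF = f"""<busconfig>
  <policy user="root">
    <allow own="{NAME}"/>
    <allow send_destination="{NAME}"/>
  </policy>
  <policy context="default">
    <deny own="{NAME}"/>
    <deny send_destination="{NAME}"/>
  </policy>
</busconfig>"""

# Constructed counter-example: the same two allow lines, but in the default
# context, which is how they would behave if they really stood alone.
ALLOW_EVERYONE_CONF = f"""<busconfig>
  <policy context="default">
    <allow own="{NAME}"/>
    <allow send_destination="{NAME}"/>
  </policy>
</busconfig>"""

def applicable_rules(busconfig_xml, user, groups=()):
    """Rules applying to `user`, in dbus-daemon's evaluation order: default
    context, matching groups, matching user, mandatory context (simplified)."""
    ordered = []
    for policy in ET.fromstring(busconfig_xml).iter("policy"):
        ctx = policy.get("context")
        if ctx in ("default", "mandatory"):
            rank = 0 if ctx == "default" else 3
        elif policy.get("group") in groups:
            rank = 1
        elif policy.get("user") == user:
            rank = 2
        else:
            continue  # policy for a different user or group: not applicable
        ordered.extend((rank, rule.tag, rule.attrib) for rule in policy)
    ordered.sort(key=lambda r: r[0])  # stable: file order kept within a rank
    return [(tag, attrs) for _, tag, attrs in ordered]

def check(busconfig_xml, user, action, name, groups=()):
    """True if `user` may `action` ("own" or "send_destination") bus name
    `name`: the last matching rule wins, and no matching rule means deny."""
    verdict = False
    for tag, attrs in applicable_rules(busconfig_xml, user, groups):
        if attrs.get(action) == name:
            verdict = tag == "allow"
    return verdict
```

Running check() for "root" and for an unprivileged user against DNSMASQ_CONF shows root allowed and everyone else denied; the same call against ALLOW_EVERYONE_CONF shows why the enclosing policy element, not the allow line by itself, decides who may talk to dnsmasq.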