Bug 875620 - sys-apps/dbus-1.15.2: socket in /tmp instead of /run/dbus
Status: RESOLVED WORKSFORME
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Freedesktop bugs
Blocks: CVE-2022-42010, CVE-2022-42011, CVE-2022-42012
Reported: 2022-10-06 14:19 UTC by Holger Hoffstätte
Modified: 2022-10-06 16:17 UTC

Description Holger Hoffstätte 2022-10-06 14:19:39 UTC
After updating to dbus-1.15.2 I found that its socket is placed in /tmp, unlike before with 1.15.0 where it lives in /run/dbus. This can lead to dbus (and system) outages when e.g. a tmpcleaner sees a 0-sized file in /tmp and deletes it.


Reproducible: Always

Steps to Reproduce:
1. update to dbus-1.15.2
2. find socket in /tmp
3. delete socket: dbus dead


Expected Results:  
The socket should live in /run/dbus as before.


Probably a change in runstatedir configuration.
Comment 1 Holger Hoffstätte 2022-10-06 14:21:34 UTC
This might also affect the recently added 1.14.4 but I haven't checked.
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-10-06 14:22:52 UTC
Yeah, it's:

• On Linux, dbus-daemon and other uses of DBusServer now create a
  path-based Unix socket, unix:path=..., when asked to listen on a
  unix:tmpdir=... address. This makes unix:tmpdir=... equivalent to
  unix:dir=... on all platforms.
  Previous versions would have created an abstract socket, unix:abstract=...,
  in this situation.
  This change primarily affects the well-known session bus when run via
  dbus-launch(1) or dbus-run-session(1). The user bus, enabled by configuring
  dbus with --enable-user-session and running it on a systemd system,
  already used path-based Unix sockets and is unaffected by this change.
  This behaviour change prevents a sandbox escape via the session bus socket
  in sandboxing frameworks that can share the network namespace with the host
  system, such as Flatpak.
  This change might cause a regression in situations where the abstract socket
  is intentionally shared between the host system and a chroot or container,
  such as some use-cases of schroot(1). That regression can be resolved by
  using a bind-mount to share either the D-Bus socket, or the whole /tmp
  directory, with the chroot or container.
  (dbus#416, Simon McVittie)

I guess.
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-10-06 14:29:42 UTC
See also this tmpreaper bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=78791.
Comment 5 Mike Gilbert gentoo-dev 2022-10-06 16:17:42 UTC
The system bus continues to live at /run/dbus/system_bus_socket.

Session buses never created sockets in /run/dbus. Per the notes in comment 2, they used to be "abstract", meaning they had no presence in the filesystem at all. Now they live in /tmp instead.

This is an intentional change by dbus upstream. You will need to fix whatever cleanup scripts you use to not remove the sockets from /tmp.
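
One way a cleanup script can leave path-based bus sockets alone, as an added example that is not part of the bug thread and is not dbus, tmpreaper or Gentoo code: it selects deletion candidates by file type and age, so a socket is never a candidate even when it looks old. The function names, the `dbus-constructed` socket name and the one-day threshold are assumptions made for the illustration.

```python
import os
import socket
import stat
import tempfile
import time


def stale_regular_files(root, max_age_s, now=None):
    """Return old regular files under root; never sockets, FIFOs or symlinks."""
    now = time.time() if now is None else now
    victims = []
    for dirpath, _dirs, names in os.walk(root, followlinks=False):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: judge the entry itself, not a link target
            except FileNotFoundError:
                continue  # entry vanished between listing and stat
            if not stat.S_ISREG(st.st_mode):
                continue  # a bus socket is not a regular file
            if now - st.st_mtime > max_age_s:
                victims.append(path)
    return sorted(victims)


def demo():
    """Build a constructed /tmp-like tree and return (socket, stale file, victims)."""
    root = tempfile.mkdtemp(prefix="tmpclean-")
    sock_path = os.path.join(root, "dbus-constructed")  # constructed name
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(sock_path)  # path-based socket, like unix:path=...
    stale = os.path.join(root, "stale.lock")
    fresh = os.path.join(root, "fresh.lock")
    for p in (stale, fresh):
        open(p, "w").close()
    week_ago = time.time() - 7 * 86400
    for p in (sock_path, stale):  # make the socket look just as old as the stale file
        os.utime(p, (week_ago, week_ago))
    victims = stale_regular_files(root, max_age_s=86400)
    srv.close()
    return sock_path, stale, victims


if __name__ == "__main__":
    sock_path, stale, victims = demo()
    print("socket kept:", sock_path)
    print("would delete:", victims)
```

The function only returns candidates; the caller decides whether to unlink them.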