[at-spi2-core] Fix for BGO#643110: Do not allow all users to connect to the accessibility bus
- From: Mike Gorse <mgorse src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [at-spi2-core] Fix for BGO#643110: Do not allow all users to connect to the accessibility bus
- Date: Mon, 7 Mar 2011 20:52:40 +0000 (UTC)
commit 7783b5e6962d9249dfdba9d1a23843735fa893af
Author: Mike Gorse <mgorse novell com>
Date: Fri Mar 4 14:15:36 2011 -0600
Fix for BGO#643110: Do not allow all users to connect to the accessibility bus
Allowing all users to connect to the accessibility bus creates a security
issue where one user could control applications being run by another user.
So we'll only allow root to connect, so that applications running as root are
still accessible. This assumes that dbus-daemon is running as the user who
is currently logged in.
bus/accessibility.conf | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
---
diff --git a/bus/accessibility.conf b/bus/accessibility.conf
index d0128a0..d9703e0 100644
--- a/bus/accessibility.conf
+++ b/bus/accessibility.conf
@@ -12,8 +12,8 @@
<listen>unix:tmpdir=/tmp</listen>
<policy context="default">
- <!-- All users can connect to system bus -->
- <allow user="*"/>
+ <!-- Allow root to connect -->
+ <allow user="root"/>
<!-- Allow everything to be sent -->
<allow send_destination="*" eavesdrop="true"/>
<!-- Allow everything to be received -->
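Review bot: The new comment at `<!-- Allow root to connect -->` does not record the assumption the commit message depends on, namely that dbus-daemon runs as the currently logged-in user. Without that, the file reads as if only root can use the accessibility bus at all. Consider expanding the comment to say that the rule exists so applications running as root stay accessible, and that the session user's access relies on the daemon running under that user's account. The unchanged `<allow send_destination="*" eavesdrop="true"/>` rule still lets every peer that is allowed to connect observe all traffic. It would be worth stating in the file that the connect rule is now the only restriction in this policy block, so later edits do not widen it back to `user="*"`.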