Bug 18229 - Change system.conf to correctly deny non-reply sends by default

The previous rule <allow send_requested_reply="true"/> was actually applied to all messages, even if they weren't a reply. This meant that in fact the default DBus policy was effectively allow, rather than deny as claimed. This fix ensures that the above rule only applies to actual reply messages. Signed-off-by: Colin Walters <walters@verbum.org>
2026-02-02 08:30:37 +01:00 · 2008-12-04 15:19:13 -05:00 · 2008-12-04 15:19:13 -05:00 · 8fad15265f
commit 8fad15265f
parent c5526c18ad
1 changed files with 12 additions and 2 deletions
--- a/bus/system.conf.in
+++ b/bus/system.conf.in
@ -50,9 +50,19 @@
         even if they aren't in here -->
    <allow send_destination="org.freedesktop.DBus"/>
    <allow receive_sender="org.freedesktop.DBus"/>
-    <!-- valid replies are always allowed -->
-    <allow send_requested_reply="true"/>
+    <!-- allow sending valid replies -->
+    <allow send_requested_reply="true" send_type="method_return"/>
+    <allow send_requested_reply="true" send_type="error"/>
+    <!-- allow receiving valid replies -->
    <allow receive_requested_reply="true"/>
+    <!-- Note: the rule above also allows receiving of all non-reply messages
+         that are not denied later.  See:
+         https://bugs.freedesktop.org/show_bug.cgi?id=18229
+         Potentially this will be replaced in the future by the
+         following two rules:
+    <allow receive_requested_reply="true" receive_type="method_return"/>
+    <allow receive_requested_reply="true" receive_type="error"/>
+    -->
    <!-- disallow changing the activation environment of system services -->
    <deny send_destination="org.freedesktop.DBus"
          send_interface="org.freedesktop.DBus"