From 924823e3cbf7cb7298d8363fbd87b47ffc10bfb0 Mon Sep 17 00:00:00 2001 From: Simon McVittie <simon.mcvittie@collabora.co.uk> Date: Fri, 5 Sep 2014 15:15:14 +0100 Subject: [PATCH] Enable Stats interface by default; disallow non-root use on system bus Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80759 --- bus/system.conf.in | 15 ++++++++++++++- configure.ac | 6 +++--- 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/bus/system.conf.in b/bus/system.conf.in index 92f4cc4..d3ac6b1 100644 --- a/bus/system.conf.in +++ b/bus/system.conf.in @@ -63,11 +63,24 @@ <allow receive_type="signal"/> <!-- Allow anyone to talk to the message bus --> - <allow send_destination="org.freedesktop.DBus"/> + <allow send_destination="org.freedesktop.DBus" + send_interface="org.freedesktop.DBus" /> + <allow send_destination="org.freedesktop.DBus" + send_interface="org.freedesktop.DBus.Introspection"/> <!-- But disallow some specific bus services --> <deny send_destination="org.freedesktop.DBus" send_interface="org.freedesktop.DBus" send_member="UpdateActivationEnvironment"/> + <deny send_destination="org.freedesktop.DBus" + send_interface="org.freedesktop.DBus.Debug.Stats"/> + </policy> + + <!-- If the Stats interface was enabled at compile-time, root may use it. + Copy this into system.local.conf or system.d/*.conf if you want to + enable other privileged users to view statistics and debug info --> + <policy user="root"> + <allow send_destination="org.freedesktop.DBus" + send_interface="org.freedesktop.DBus.Debug.Stats"/> </policy> <!-- Config files are placed here that among other things, punch diff --git a/configure.ac b/configure.ac index cbaf874..09a72f6 100644 --- a/configure.ac +++ b/configure.ac @@ -1740,9 +1740,9 @@ AH_VERBATIM(_DARWIN_ENVIRON, ]) AC_ARG_ENABLE([stats], - [AS_HELP_STRING([--enable-stats], - [enable bus daemon usage statistics])], - [], [enable_stats=no]) + [AS_HELP_STRING([--disable-stats], + [disable bus daemon usage statistics])], + [], [enable_stats=yes]) if test "x$enable_stats" = xyes; then AC_DEFINE([DBUS_ENABLE_STATS], [1], [Define to enable bus daemon usage statistics]) -- 2.1.0