From b1036714f82037d46466bda9cd0ae13bb4c985a1 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Tue, 12 May 2015 11:10:58 +0100 Subject: [PATCH 1/5] Security hardening: force EXTERNAL auth in session.conf on Unix DBUS_COOKIE_SHA1 is dependent on unguessable strings, i.e. indirectly dependent on high-quality pseudo-random numbers whereas EXTERNAL authentication (credentials-passing) is mediated by the kernel and cannot be faked. On Windows, EXTERNAL authentication is not available, so we continue to use the hard-coded default (all authentication mechanisms are tried). Users of tcp: or nonce-tcp: on Unix will have to comment this out, but they would have had to use a special configuration anyway (to set the listening address), and the tcp: and nonce-tcp: transports are inherently insecure unless special steps are taken to have them restricted to a VPN or SSH tunnelling. Users of obscure Unix platforms (those that trigger the warning "Socket credentials not supported on this Unix OS" when compiling dbus-sysdeps-unix.c) might also have to comment this out, or preferably provide a tested patch to enable credentials-passing on that OS. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90414 --- bus/session.conf.in | 10 ++++++++++ cmake/CMakeLists.txt | 4 ++++ configure.ac | 7 +++++++ 3 files changed, 21 insertions(+) diff --git a/bus/session.conf.in b/bus/session.conf.in index cfe9544..e78c1d3 100644 --- a/bus/session.conf.in +++ b/bus/session.conf.in @@ -14,6 +14,16 @@ @DBUS_SESSION_BUS_LISTEN_ADDRESS@ + + @DBUS_SESSION_CONF_MAYBE_AUTH_EXTERNAL@ + diff --git a/cmake/CMakeLists.txt b/cmake/CMakeLists.txt index 3de0606..20a8334 100644 --- a/cmake/CMakeLists.txt +++ b/cmake/CMakeLists.txt @@ -452,6 +452,7 @@ if (WIN32) # bus-test expects a non empty string set (DBUS_USER "Administrator") set (DBUS_TEST_USER "guest") + set (DBUS_SESSION_CONF_MAYBE_AUTH_EXTERNAL "") else (WIN32) set (DBUS_SESSION_BUS_LISTEN_ADDRESS "unix:tmpdir=${DBUS_SESSION_SOCKET_DIR}" CACHE STRING "session bus default listening address") set (DBUS_SESSION_BUS_CONNECT_ADDRESS "autolaunch:" CACHE STRING "session bus fallback address for clients") @@ -461,6 +462,9 @@ else (WIN32) set (DBUS_SESSION_CONFIG_FILE ${configdir}/session.conf) set (DBUS_USER "messagebus") set (DBUS_TEST_USER "nobody") + # For best security, assume that all non-Windows platforms can do + # credentials-passing. + set (DBUS_SESSION_CONF_MAYBE_AUTH_EXTERNAL "EXTERNAL") endif (WIN32) set (DBUS_DAEMON_NAME "dbus-daemon" CACHE STRING "The name of the dbus daemon executable") diff --git a/configure.ac b/configure.ac index d1c1a0d..d1d26b8 100644 --- a/configure.ac +++ b/configure.ac @@ -134,6 +134,13 @@ if test "$dbus_cygwin" = yes; then AC_DEFINE(DBUS_CYGWIN,1,[Defined if we run on a cygwin API based system]) fi +# For best security, assume that all non-Windows platforms can do +# credentials-passing. +AS_IF([test "$dbus_win" = yes], + [DBUS_SESSION_CONF_MAYBE_AUTH_EXTERNAL=""], + [DBUS_SESSION_CONF_MAYBE_AUTH_EXTERNAL="EXTERNAL"]) +AC_SUBST([DBUS_SESSION_CONF_MAYBE_AUTH_EXTERNAL]) + AM_CONDITIONAL(DBUS_WIN, test "$dbus_win" = yes) AM_CONDITIONAL(DBUS_WINCE, test "$dbus_wince" = yes) AM_CONDITIONAL(DBUS_UNIX, test "$dbus_unix" = yes) -- 2.1.4