dbus-policy-excessively-broad
The package contains D-Bus policy configuration that matches broad classes of messages. This will cause strange side-effects, is almost certainly unintended, and is a probable security flaw.
For instance, a `<policy user="daemon">` block in any system bus policy file that contains one `<allow>` rule matching method calls by message type alone (a `send_type` condition with no `send_destination`), next to a second rule allowing sends to com.example.Bees, would allow the daemon user to send any method call to any service, including method calls which are meant to be restricted to root-only for security, such as org.freedesktop.systemd1.Manager.StartTransientUnit. (In addition, the second rule allows that user to send any message to the com.example.Bees service.)

The intended policy for that particular example was probably more like a single `<allow>` rule carrying both the message type and `send_destination="com.example.Bees"`, which correctly allows method calls to that particular service only. The distinction matters because all attributes on one `<allow>` element must match at once, whereas separate `<allow>` elements are independent alternatives: a destination on a neighbouring rule never narrows a rule that has none.
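The broad and intended policies described above, as an added example (this is not lintian's own check and not the policy text from the tag page): the two policy fragments are constructed to the shape the text describes, `broad_send_rules` reports `<allow>` send rules that carry no `send_destination`, and `policy_allows` is a deliberately simplified model of dbus-daemon's rule matching used to show why the one-element form is narrower. Function and constant names are this example's own.

```python
"""Check D-Bus system-bus policy files for send rules that match every service.

Added example modelled on the lintian tag description; it is not lintian's
own check and makes no claim about lintian's exact matching rules.
"""
import sys
import xml.etree.ElementTree as ET

# Constructed fragment with the shape the tag describes: one <allow> narrowed
# only by message type, so it matches method calls to every service, plus a
# second <allow> that does not narrow the first (separate elements are ORed).
BROAD_POLICY = """<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
  <policy user="daemon">
    <allow send_type="method_call"/>
    <allow send_destination="com.example.Bees"/>
  </policy>
</busconfig>
"""

# Constructed fragment with both conditions on one element: attributes within
# a single <allow> must all match, so only method calls to com.example.Bees do.
FIXED_POLICY = """<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
  <policy user="daemon">
    <allow send_type="method_call" send_destination="com.example.Bees"/>
  </policy>
</busconfig>
"""


def send_rules(policy_xml):
    """Yield (policy_attrs, allow_attrs) for every <allow> with a send_* condition."""
    root = ET.fromstring(policy_xml)
    for policy in root.iter("policy"):
        for rule in policy.findall("allow"):
            if any(name.startswith("send_") for name in rule.attrib):
                yield dict(policy.attrib), dict(rule.attrib)


def broad_send_rules(policy_xml):
    """Return the send rules that lack send_destination.

    Such a rule is satisfied by a message to any service, whatever else it
    constrains, because other <allow> elements cannot narrow it.
    """
    return [(policy, rule) for policy, rule in send_rules(policy_xml)
            if "send_destination" not in rule]


def policy_allows(policy_xml, message):
    """Simplified dbus-daemon matching: the message may be sent if, for some
    <allow> rule, every send_* attribute equals the matching message field
    ("type", "destination", "interface", "member", "path").

    Simplifications: <deny> rules, rule ordering and the bus's default
    context are ignored, and send_destination is compared only with the
    message's destination name.
    """
    for _policy, rule in send_rules(policy_xml):
        conditions = {name[len("send_"):]: value
                      for name, value in rule.items() if name.startswith("send_")}
        if all(message.get(field) == value for field, value in conditions.items()):
            return True
    return False


def main(paths):
    """Scan policy files given on the command line; exit status 1 if any is broad."""
    status = 0
    for path in paths:
        with open(path, encoding="utf-8") as fh:
            for policy, rule in broad_send_rules(fh.read()):
                status = 1
                print(f"{path}: policy {policy}: rule {rule} has no send_destination")
    return status


if __name__ == "__main__":
    if len(sys.argv) > 1:
        sys.exit(main(sys.argv[1:]))
    # Without arguments, demonstrate on the constructed fragments.
    systemd_call = {"type": "method_call", "destination": "org.freedesktop.systemd1"}
    print("broad rules in BROAD_POLICY:", broad_send_rules(BROAD_POLICY))
    print("broad policy lets daemon call systemd1:", policy_allows(BROAD_POLICY, systemd_call))
    print("fixed policy lets daemon call systemd1:", policy_allows(FIXED_POLICY, systemd_call))
```

Run it with one or more policy files as arguments (for example the files under /usr/share/dbus-1/system.d) to list rules that match messages to any service; with no arguments it evaluates the two constructed fragments and shows that the broad policy lets the daemon user reach org.freedesktop.systemd1 while the one-element form does not.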
Severity: error
Experimental: false
See also
- list of all the affected packages
- the source of this tag