The package contains D-Bus policy configuration that matches broad classes of messages. This will cause strange side-effects, is almost certainly unintended, and is a probable security flaw.
<policy user="daemon"> <allow send_type="method_call"/> <allow send_destination="com.example.Bees"/> </policy>
in any system bus policy file would allow the
daemon user to send
any method call to any service, including method calls which are meant to
be restricted to root-only for security, such as
org.freedesktop.systemd1.Manager.StartTransientUnit. (In addition,
it allows that user to send any message to the
The intended policy for that particular example was probably more like
<policy user="daemon"> <allow send_type="method_call" send_destination="com.example.Bees"/> </policy>
which correctly allows method calls to that particular service only.
For more information please consult:
The tag is present in Lintian version
That is the most recent version we know about.
We use semantic versions.
The patch number is a commit step indicator relative to the
release tag in our Git
You can find the detection logic for this version at commit ffc17eb. For merge requests, please use the latest version in the Lintian check desktop/dbus.