W dbus-policy-without-send-destination

All reports of dbus-policy-without-send-destination for the archive. The extended description of this tag is:

The package contains D-Bus policy configuration that uses one of the send_* conditions, but does not specify a send_destination, and is not specific to root.

Rules of the form
      <allow send_interface="com.example.MyInterface"/>
    
allow messages with the given interface to be sent to any service, not just the one installing the rule, which is rarely what was intended.

Similarly, on the system bus, rules of the form
      <deny send_interface="com.example.MyInterface"/>
    
are redundant with the system bus's default-deny policy, and have unintended effects on other services.

This check ignores rules of the form
      <policy user="root">
        <allow ... />
      </policy>
    
which are commonly used for the "agent" pattern seen in services like BlueZ and NetworkManager: a root-privileged daemon calls out to one or more per-user user interface agent processes with no specific name, so send_destination is not easily applicable. However, such rules should still be made as specific as possible to avoid undesired side-effects.

Refer to https://bugs.freedesktop.org/show_bug.cgi?id=18961 and http://lists.freedesktop.org/archives/dbus/2008-February/009401.html for details.

Severity: normal, Certainty: certain

Check: dbus, Type: binary

Evolution of the dbus-policy-without-send-destination Lintian tag over the past 366 days:

The beforementioned graph for the dbus-policy-without-send-destination tag

Emitted (non-overridden): 76, overridden: 0, total: 76

The package names link to the relevant maintainer page and the corresponding report for the source package. The links go to the full maintainer report page, which includes info and experimental tags and overridden tags, rather than the default page that shows only errors and warnings.

consolekit 0.4.6-6 (binary)

etc/dbus-1/system.d/ConsoleKit.conf <policy context="default"><allow send_interface="org.freedesktop.ConsoleKit.Session" send_member="SetIdleHint"/>
etc/dbus-1/system.d/ConsoleKit.conf <policy context="default"><allow send_interface="org.freedesktop.ConsoleKit.Session" send_member="SetIdleHint"/>

dhcpcd-dbus 0.6.0-1.1+b2 (binary)

etc/dbus-1/system.d/dhcpcd-dbus.conf <policy context="default"><allow send_interface="name.marples.roy.dhcpcd" />
etc/dbus-1/system.d/dhcpcd-dbus.conf <policy context="default"><allow send_interface="name.marples.roy.dhcpcd" />

fprintd 0.7.0-1 (binary)

etc/dbus-1/system.d/net.reactivated.Fprint.conf <policy context="default"><allow send_interface="net.reactivated.Fprint"/>
etc/dbus-1/system.d/net.reactivated.Fprint.conf <policy context="default"><allow send_interface="net.reactivated.Fprint"/>

fso-datad 0.12.0-3+b1 (binary)

etc/dbus-1/system.d/fsodatad.conf <policy context="default"><allow send_interface="org.freedesktop.DBus.Introspectable"/>
etc/dbus-1/system.d/fsodatad.conf <policy context="default"><allow send_interface="org.freedesktop.DBus.Peer"/>
etc/dbus-1/system.d/fsodatad.conf <policy context="default"><allow send_interface="org.freedesktop.DBus.Introspectable"/>
etc/dbus-1/system.d/fsodatad.conf <policy context="default"><allow send_interface="org.freedesktop.DBus.Peer"/>

fso-gsmd 0.12.0-5+b1 (binary)

etc/dbus-1/system.d/fsogsmd.conf <policy context="default"><allow send_interface="org.freedesktop.DBus.Introspectable"/>
etc/dbus-1/system.d/fsogsmd.conf <policy context="default"><allow send_interface="org.freedesktop.DBus.Peer"/>
etc/dbus-1/system.d/fsogsmd.conf <policy context="default"><allow send_interface="org.freedesktop.DBus.Introspectable"/>
etc/dbus-1/system.d/fsogsmd.conf <policy context="default"><allow send_interface="org.freedesktop.DBus.Peer"/>

fso-usaged 0.12.0-3+b1 (binary)

etc/dbus-1/system.d/fsousaged.conf <policy context="default"><allow send_interface="org.freedesktop.DBus.Introspectable"/>
etc/dbus-1/system.d/fsousaged.conf <policy context="default"><allow send_interface="org.freedesktop.DBus.Peer"/>
etc/dbus-1/system.d/fsousaged.conf <policy context="default"><allow send_interface="org.freedesktop.DBus.Introspectable"/>
etc/dbus-1/system.d/fsousaged.conf <policy context="default"><allow send_interface="org.freedesktop.DBus.Peer"/>

geoclue-2.0 2.4.7-1 (binary)

etc/dbus-1/system.d/org.freedesktop.GeoClue2.Agent.conf <policy user="geoclue"><allow send_interface="org.freedesktop.GeoClue2.Agent" send_path="/org/freedesktop/GeoClue2/Agent"/>
etc/dbus-1/system.d/org.freedesktop.GeoClue2.Agent.conf <policy user="geoclue"><allow send_interface="org.freedesktop.DBus.Properties" send_path="/org/freedesktop/GeoClue2/Agent"/>
etc/dbus-1/system.d/org.freedesktop.GeoClue2.Agent.conf <policy user="geoclue"><allow send_interface="org.freedesktop.GeoClue2.Agent" send_path="/org/freedesktop/GeoClue2/Agent"/>
etc/dbus-1/system.d/org.freedesktop.GeoClue2.Agent.conf <policy user="geoclue"><allow send_interface="org.freedesktop.DBus.Properties" send_path="/org/freedesktop/GeoClue2/Agent"/>

hplip 3.17.7+repack0-3 (binary)

etc/dbus-1/system.d/com.hp.hplip.conf <policy at_console="true"><allow send_interface="com.hp.hplip"/>
etc/dbus-1/system.d/com.hp.hplip.conf <policy context="default"><allow send_interface="com.hp.hplip"/>
etc/dbus-1/system.d/com.hp.hplip.conf <policy at_console="true"><allow send_interface="com.hp.hplip"/>
etc/dbus-1/system.d/com.hp.hplip.conf <policy context="default"><allow send_interface="com.hp.hplip"/>

kdelibs5-data 4:4.14.26-2 (binary)

etc/dbus-1/system.d/org.kde.auth.conf <policy context="default"><allow send_interface="org.kde.auth"/>

libkf5auth-data 5.36.0-1 (binary)

etc/dbus-1/system.d/org.kde.kf5auth.conf <policy context="default"><allow send_interface="org.kde.kf5auth"/>

libkf5auth-data 5.28.0-2 (binary)

etc/dbus-1/system.d/org.kde.kf5auth.conf <policy context="default"><allow send_interface="org.kde.kf5auth"/>

network-manager 1.8.2-1 (binary)

etc/dbus-1/system.d/org.freedesktop.NetworkManager.conf <policy user="root"><deny send_interface="..." />
etc/dbus-1/system.d/org.freedesktop.NetworkManager.conf <policy user="root"><deny send_interface="..." />

network-manager-openconnect 1.2.4-1 (binary)

etc/dbus-1/system.d/nm-openconnect-service.conf <policy user="nm-openconnect"><allow send_interface="org.freedesktop.NetworkManager.VPN.Plugin"/>
etc/dbus-1/system.d/nm-openconnect-service.conf <policy user="nm-openconnect"><allow send_interface="org.freedesktop.NetworkManager.VPN.Plugin"/>

policykit-1 0.113-6 (binary)

etc/dbus-1/system.d/org.freedesktop.PolicyKit1.conf <policy user="polkitd"><allow send_interface="org.freedesktop.PolicyKit1.AuthenticationAgent"/>
etc/dbus-1/system.d/org.freedesktop.PolicyKit1.conf <policy user="polkitd"><allow send_interface="org.freedesktop.PolicyKit1.AuthenticationAgent"/>

scanbd 1.4.4-1+b2 (binary)

etc/dbus-1/system.d/scanbd_dbus.conf <policy user="saned"><allow send_interface="de.kmux.scanbd.server"/>
etc/dbus-1/system.d/scanbd_dbus.conf <policy context="default"><allow send_interface="de.kmux.scanbd.server"/>
etc/dbus-1/system.d/scanbd_dbus.conf <policy user="saned"><allow send_interface="de.kmux.scanbd.server"/>
etc/dbus-1/system.d/scanbd_dbus.conf <policy context="default"><allow send_interface="de.kmux.scanbd.server"/>

sssd-dbus 1.15.2-1 (binary)

etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf <policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe"/>
etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf <policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Domains"/>
etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf <policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Domains.Domain"/>
etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf <policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Users"/>
etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf <policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Users.User"/>
etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf <policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Groups"/>
etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf <policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Groups.Group"/>
etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf <policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Cache"/>
etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf <policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Cache.Object"/>
etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf <policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe"/>
etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf <policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Domains"/>
etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf <policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Domains.Domain"/>
etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf <policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Users"/>
etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf <policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Users.User"/>
etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf <policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Groups"/>
etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf <policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Groups.Group"/>
etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf <policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Cache"/>
etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf <policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Cache.Object"/>

wicd-daemon 1.7.4+tb2-4 (binary)

etc/dbus-1/system.d/wicd.conf <policy group="netdev"><allow send_interface="org.wicd.daemon"/>
etc/dbus-1/system.d/wicd.conf <policy group="netdev"><allow send_interface="org.freedesktop.DBus.Introspectable"/>
etc/dbus-1/system.d/wicd.conf <policy at_console="true"><allow send_interface="org.wicd.daemon"/>
etc/dbus-1/system.d/wicd.conf <policy at_console="true"><allow send_interface="org.wicd.daemon.wireless"/>
etc/dbus-1/system.d/wicd.conf <policy at_console="true"><allow send_interface="org.wicd.daemon.wired"/>
etc/dbus-1/system.d/wicd.conf <policy at_console="true"><allow send_interface="org.freedesktop.DBus.Introspectable"/>

wpasupplicant 2:2.4-1 (binary)

etc/dbus-1/system.d/wpa_supplicant.conf <policy group="netdev"><allow send_interface="fi.epitest.hostap.WPASupplicant"/>
etc/dbus-1/system.d/wpa_supplicant.conf <policy group="netdev"><allow send_interface="fi.w1.wpa_supplicant1"/>
etc/dbus-1/system.d/wpa_supplicant.conf <policy context="default"><deny send_interface="fi.epitest.hostap.WPASupplicant"/>
etc/dbus-1/system.d/wpa_supplicant.conf <policy context="default"><deny send_interface="fi.w1.wpa_supplicant1"/>
etc/dbus-1/system.d/wpa_supplicant.conf <policy group="netdev"><allow send_interface="fi.epitest.hostap.WPASupplicant"/>
etc/dbus-1/system.d/wpa_supplicant.conf <policy group="netdev"><allow send_interface="fi.w1.wpa_supplicant1"/>
etc/dbus-1/system.d/wpa_supplicant.conf <policy context="default"><deny send_interface="fi.epitest.hostap.WPASupplicant"/>
etc/dbus-1/system.d/wpa_supplicant.conf <policy context="default"><deny send_interface="fi.w1.wpa_supplicant1"/>

wpasupplicant 2:2.6-4 (binary)

etc/dbus-1/system.d/wpa_supplicant.conf <policy group="netdev"><allow send_interface="fi.epitest.hostap.WPASupplicant"/>
etc/dbus-1/system.d/wpa_supplicant.conf <policy group="netdev"><allow send_interface="fi.w1.wpa_supplicant1"/>
etc/dbus-1/system.d/wpa_supplicant.conf <policy group="netdev"><allow send_interface="fi.epitest.hostap.WPASupplicant"/>
etc/dbus-1/system.d/wpa_supplicant.conf <policy group="netdev"><allow send_interface="fi.w1.wpa_supplicant1"/>

zemberek-server 0.7.1-12.2 (binary)

etc/dbus-1/system.d/zemberek-server.conf <policy context="default"><allow send_interface="net.zemberekserver.server.dbus.ZemberekDbusInterface"/>