W dbus-policy-without-send-destination
All reports of dbus-policy-without-send-destination for the archive. The extended description of this tag is:
The package contains D-Bus policy configuration that uses one of the send_* conditions, but does not specify a send_destination, and is not specific to root.
Rules of the form
<allow send_interface="com.example.MyInterface"/>allow messages with the given interface to be sent to any service, not just the one installing the rule, which is rarely what was intended.
Similarly, on the system bus, rules of the form
<deny send_interface="com.example.MyInterface"/>are redundant with the system bus's default-deny policy, and have unintended effects on other services.
This check ignores rules of the form
<policy user="root"> <allow ... /> </policy>which are commonly used for the "agent" pattern seen in services like BlueZ and NetworkManager: a root-privileged daemon calls out to one or more per-user user interface agent processes with no specific name, so send_destination is not easily applicable. However, such rules should still be made as specific as possible to avoid undesired side-effects.
Refer to https://bugs.freedesktop.org/show_bug.cgi?id=18961 and http://lists.freedesktop.org/archives/dbus/2008-February/009401.html for details.
Severity: normal, Certainty: certain
Check: dbus, Type: binary
Emitted (non-overridden): 43, overridden: 1, total: 44
The package names link to the relevant maintainer page and the corresponding report for the source package. The links go to the full maintainer report page, which includes info and experimental tags and overridden tags, rather than the default page that shows only errors and warnings.
dhcpcd-dbus 0.6.0-1.1+b2 (binary) (Roy Marples <roy@marples.name>)
- etc/dbus-1/system.d/dhcpcd-dbus.conf <policy context="default"><allow send_interface="name.marples.roy.dhcpcd" /> [amd64, i386]
fprintd 0.8.1-1 (binary) (FingerForce Team <fingerforce-devel@lists.alioth.debian.org>)
- etc/dbus-1/system.d/net.reactivated.Fprint.conf <policy context="default"><allow send_interface="net.reactivated.Fprint"/> [amd64, i386]
geoclue-2.0 2.5.2-1 (binary) (Laurent Bigonville <bigon@debian.org>)
- etc/dbus-1/system.d/org.freedesktop.GeoClue2.Agent.conf <policy user="geoclue"><allow send_interface="org.freedesktop.GeoClue2.Agent" send_path="/org/freedesktop/GeoClue2/Agent"/> [amd64, i386]
- etc/dbus-1/system.d/org.freedesktop.GeoClue2.Agent.conf <policy user="geoclue"><allow send_interface="org.freedesktop.DBus.Properties" send_path="/org/freedesktop/GeoClue2/Agent"/> [amd64, i386]
hplip 3.19.1+dfsg0-1 (binary) (Debian Printing Team <debian-printing@lists.debian.org>)
- etc/dbus-1/system.d/com.hp.hplip.conf <policy at_console="true"><allow send_interface="com.hp.hplip"/>
- etc/dbus-1/system.d/com.hp.hplip.conf <policy context="default"><allow send_interface="com.hp.hplip"/>
hplip 3.18.12+dfsg0-2 (binary) (Debian Printing Team <debian-printing@lists.debian.org>)
- etc/dbus-1/system.d/com.hp.hplip.conf <policy at_console="true"><allow send_interface="com.hp.hplip"/>
- etc/dbus-1/system.d/com.hp.hplip.conf <policy context="default"><allow send_interface="com.hp.hplip"/>
kdelibs5-data 4:4.14.38-4~exp1 (binary) (Debian/Kubuntu Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>)
- etc/dbus-1/system.d/org.kde.auth.conf <policy context="default"><allow send_interface="org.kde.auth"/>
kdelibs5-data 4:4.14.38-3 (binary) (Debian/Kubuntu Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>)
- etc/dbus-1/system.d/org.kde.auth.conf <policy context="default"><allow send_interface="org.kde.auth"/>
keepalived 1:2.0.10-1 (binary) (Alexander Wirt <formorer@debian.org>)
- etc/dbus-1/system.d/org.keepalived.Vrrp1.conf <policy context="default"><allow send_interface="org.freedesktop.DBus.Introspectable" /> [amd64, i386]
- etc/dbus-1/system.d/org.keepalived.Vrrp1.conf <policy context="default"><allow send_interface="org.freedesktop.DBus.Peer" /> [amd64, i386]
- etc/dbus-1/system.d/org.keepalived.Vrrp1.conf <policy context="default"><allow send_interface="org.freedesktop.DBus.Properties" /> [amd64, i386]
libkf5auth-data 5.54.0-2 (binary) (Debian/Kubuntu Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>) overridden
- O etc/dbus-1/system.d/org.kde.kf5auth.conf <policy context="default"><allow send_interface="org.kde.kf5auth"/>
network-manager-openconnect 1.2.4-2 (binary) (Mike Miller <mtmiller@debian.org>)
- etc/dbus-1/system.d/nm-openconnect-service.conf <policy user="nm-openconnect"><allow send_interface="org.freedesktop.NetworkManager.VPN.Plugin"/> [amd64, i386]
scanbd 1.5.1-4 (binary) (Debian QA Group <packages@qa.debian.org>)
- etc/dbus-1/system.d/scanbd_dbus.conf <policy user="saned"><allow send_interface="de.kmux.scanbd.server"/> [amd64, i386]
- etc/dbus-1/system.d/scanbd_dbus.conf <policy context="default"><allow send_interface="de.kmux.scanbd.server"/> [amd64, i386]
sssd-dbus 1.16.4-1~exp1 (binary) (Debian SSSD Team <pkg-sssd-devel@alioth-lists.debian.net>)
- etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf <policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe"/>
- etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf <policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Domains"/>
- etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf <policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Domains.Domain"/>
- etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf <policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Users"/>
- etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf <policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Users.User"/>
- etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf <policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Groups"/>
- etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf <policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Groups.Group"/>
- etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf <policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Cache"/>
- etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf <policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Cache.Object"/>
sssd-dbus 1.16.3-3.1 (binary) (Debian SSSD Team <pkg-sssd-devel@alioth-lists.debian.net>)
- etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf <policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe"/>
- etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf <policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Domains"/>
- etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf <policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Domains.Domain"/>
- etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf <policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Users"/>
- etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf <policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Users.User"/>
- etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf <policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Groups"/>
- etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf <policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Groups.Group"/>
- etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf <policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Cache"/>
- etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf <policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Cache.Object"/>
wicd-daemon 1.7.4+tb2-6 (binary) (Debian WICD Packaging Team <pkg-wicd-maint@lists.alioth.debian.org>)
- etc/dbus-1/system.d/wicd.conf <policy group="netdev"><allow send_interface="org.wicd.daemon"/>
- etc/dbus-1/system.d/wicd.conf <policy group="netdev"><allow send_interface="org.freedesktop.DBus.Introspectable"/>
- etc/dbus-1/system.d/wicd.conf <policy at_console="true"><allow send_interface="org.wicd.daemon"/>
- etc/dbus-1/system.d/wicd.conf <policy at_console="true"><allow send_interface="org.wicd.daemon.wireless"/>
- etc/dbus-1/system.d/wicd.conf <policy at_console="true"><allow send_interface="org.wicd.daemon.wired"/>
- etc/dbus-1/system.d/wicd.conf <policy at_console="true"><allow send_interface="org.freedesktop.DBus.Introspectable"/>
wpasupplicant 2:2.7+git20190128+0c1e29f-4 (binary) (Debian wpasupplicant Maintainers <wpa@packages.debian.org>)
- etc/dbus-1/system.d/wpa_supplicant.conf <policy group="netdev"><allow send_interface="fi.epitest.hostap.WPASupplicant"/> [amd64, i386]
- etc/dbus-1/system.d/wpa_supplicant.conf <policy group="netdev"><allow send_interface="fi.w1.wpa_supplicant1"/> [amd64, i386]
zemberek-server 0.7.1-12.2 (binary) (Rail Aliev <rail@i-rs.ru>)
- etc/dbus-1/system.d/zemberek-server.conf <policy context="default"><allow send_interface="net.zemberekserver.server.dbus.ZemberekDbusInterface"/>