dbus-policy-without-send-destination
The package contains D-Bus policy configuration that uses
one of the send_* conditions, but does not specify a
send_destination, and is not specific to root.
Rules of the form
<allow send_interface="com.example.MyInterface"/>
allow messages with the given interface to be sent to any service, not just the one installing the rule, which is rarely what was intended.
Similarly, on the system bus, rules of the form
<deny send_interface="com.example.MyInterface"/>
are redundant with the system bus's default-deny policy, and have unintended effects on other services.
This check ignores rules of the form
<policy user="root"> <allow ... /> </policy>
which are commonly used for the "agent" pattern seen in services like
BlueZ and NetworkManager: a root-privileged daemon calls out to
one or more per-user user interface agent processes with no specific
name, so send_destination is not easily applicable.
However, such rules should still be made as specific as possible to
avoid undesired side-effects.
For more information please consult:
The tag is present in Lintian version 2.114.163.
That is the most recent version we know about.
We use semantic versions.
The patch number is a commit step indicator relative to the
2.114.0
release tag in our Git
repository.
You can find the detection logic for this version at commit f5107b6. For merge requests, please use the latest version in the Lintian check desktop/dbus.
Visibility: warning