linux-bluetooth.vger.kernel.org archive mirror
From: Marcel Holtmann <marcel@holtmann.org>
To: Tom Gundersen <teg@jklm.no>
Cc: Bluez mailing list <linux-bluetooth@vger.kernel.org>,
	David Herrmann <dh.herrmann@gmail.com>
Subject: Re: [PATCH] bluetooth.conf: remove deprecated at_console statement
Date: Wed, 7 Nov 2018 19:26:03 +0100
Message-ID: <DF306BBE-A4E0-445B-8BFA-FF274A379DA1@holtmann.org>
In-Reply-To: <20181106110717.8817-1-teg@jklm.no>

Hi Tom,

> As described in [0], this likely did not have the intended effect, so
> simply remove it. The change in behavior is that up until this patch
> it would be possible for root, lp, and any non-system user to potentially
> gain access to bluez' dbus interface. Now this is extended to also allow
> any system user.
> 
> [0]: <https://www.spinics.net/lists/linux-bluetooth/msg75267.html>
> 
> Signed-off-by: Tom Gundersen <teg@jklm.no>
> CC: David Herrmann <dh.herrmann@gmail.com>
> ---
> src/bluetooth.conf | 12 +-----------
> 1 file changed, 1 insertion(+), 11 deletions(-)
> 
> diff --git a/src/bluetooth.conf b/src/bluetooth.conf
> index b67a954a2..8a1e25801 100644
> --- a/src/bluetooth.conf
> +++ b/src/bluetooth.conf
> @@ -22,18 +22,8 @@
>     <allow send_interface="org.mpris.MediaPlayer2.Player"/>
>   </policy>
> 
> -  <policy at_console="true">
> -    <allow send_destination="org.bluez"/>
> -  </policy>
> -
> -  <!-- allow users of lp group (printing subsystem) to 
> -       communicate with bluetoothd -->
> -  <policy group="lp">
> -    <allow send_destination="org.bluez"/>
> -  </policy>
> -
>   <policy context="default">
> -    <deny send_destination="org.bluez"/>
> +    <allow send_destination="org.bluez"/>
>   </policy>
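
Review bot: In the `context="default"` policy at the end of the hunk, replacing `<deny send_destination="org.bluez"/>` with `<allow send_destination="org.bluez"/>` goes beyond removing the `at_console` block named in the subject. Together with dropping the `group="lp"` policy, it leaves no bus-policy restriction on who may send to org.bluez, which the commit message itself notes extends access to any system user. Consider keeping the default `deny` and granting access through an explicit `<policy group="...">` block, or state in the commit message what other check is expected to gate these calls.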

so I am not sure we want to give hardware configuration (and with that pairing control) to everyone in the system. In iwd for example we restricted this to the group “wheel”.

Regards

Marcel



Thread overview: 3+ messages
2018-11-06 11:07 [PATCH] bluetooth.conf: remove deprecated at_console statement Tom Gundersen
2018-11-07 11:32 ` Luiz Augusto von Dentz
2018-11-07 18:26 ` Marcel Holtmann [this message]
