linux-bluetooth.vger.kernel.org archive mirror
* [PATCH] bluetooth.conf: remove deprecated at_console statement
@ 2018-11-06 11:07 Tom Gundersen
  2018-11-07 11:32 ` Luiz Augusto von Dentz
  2018-11-07 18:26 ` Marcel Holtmann
  0 siblings, 2 replies; 3+ messages in thread
From: Tom Gundersen @ 2018-11-06 11:07 UTC
  To: linux-bluetooth; +Cc: Tom Gundersen, David Herrmann

As described in [0], this likely did not have the intended effect, so
simply remove it. The change in behavior is that up until this patch
it would be possible for root, lp, and any non-system user to potentially
gain access to bluez' dbus interface. Now this is extended to also allow
any system user.

[0]: <https://www.spinics.net/lists/linux-bluetooth/msg75267.html>

Signed-off-by: Tom Gundersen <teg@jklm.no>
CC: David Herrmann <dh.herrmann@gmail.com>
---
 src/bluetooth.conf | 12 +-----------
 1 file changed, 1 insertion(+), 11 deletions(-)

diff --git a/src/bluetooth.conf b/src/bluetooth.conf
index b67a954a2..8a1e25801 100644
--- a/src/bluetooth.conf
+++ b/src/bluetooth.conf
@@ -22,18 +22,8 @@
     <allow send_interface="org.mpris.MediaPlayer2.Player"/>
   </policy>
 
-  <policy at_console="true">
-    <allow send_destination="org.bluez"/>
-  </policy>
-
-  <!-- allow users of lp group (printing subsystem) to 
-       communicate with bluetoothd -->
-  <policy group="lp">
-    <allow send_destination="org.bluez"/>
-  </policy>
-
   <policy context="default">
-    <deny send_destination="org.bluez"/>
+    <allow send_destination="org.bluez"/>
   </policy>
 
 </busconfig>
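
Review bot: The `<policy context="default">` block at the end of this hunk changes `<deny send_destination="org.bluez"/>` to `<allow send_destination="org.bluez"/>`, so this file no longer restricts which bus connections may send to org.bluez; the commit message itself notes that system users are now included. If the aim is only to drop the deprecated `at_console` attribute, consider keeping the default deny and expressing the intended audience with a group-scoped policy of the same shape as the removed `<policy group="lp">` block, so the bus policy still names who may talk to the daemon.
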
-- 
2.19.1



* Re: [PATCH] bluetooth.conf: remove deprecated at_console statement
  2018-11-06 11:07 [PATCH] bluetooth.conf: remove deprecated at_console statement Tom Gundersen
@ 2018-11-07 11:32 ` Luiz Augusto von Dentz
  2018-11-07 18:26 ` Marcel Holtmann
  1 sibling, 0 replies; 3+ messages in thread
From: Luiz Augusto von Dentz @ 2018-11-07 11:32 UTC
  To: teg; +Cc: linux-bluetooth, David Herrmann

Hi Tom,
On Tue, Nov 6, 2018 at 1:10 PM Tom Gundersen <teg@jklm.no> wrote:
>
> As described in [0], this likely did not have the intended effect, so
> simply remove it. The change in behavior is that up until this patch
> it would be possible for root, lp, and any non-system user to potentially
> gain access to bluez' dbus interface. Now this is extended to also allow
> any system user.
>
> [0]: <https://www.spinics.net/lists/linux-bluetooth/msg75267.html>
>
> Signed-off-by: Tom Gundersen <teg@jklm.no>
> CC: David Herrmann <dh.herrmann@gmail.com>
> ---
>  src/bluetooth.conf | 12 +-----------
>  1 file changed, 1 insertion(+), 11 deletions(-)
>
> diff --git a/src/bluetooth.conf b/src/bluetooth.conf
> index b67a954a2..8a1e25801 100644
> --- a/src/bluetooth.conf
> +++ b/src/bluetooth.conf
> @@ -22,18 +22,8 @@
>      <allow send_interface="org.mpris.MediaPlayer2.Player"/>
>    </policy>
>
> -  <policy at_console="true">
> -    <allow send_destination="org.bluez"/>
> -  </policy>
> -
> -  <!-- allow users of lp group (printing subsystem) to
> -       communicate with bluetoothd -->
> -  <policy group="lp">
> -    <allow send_destination="org.bluez"/>
> -  </policy>
> -
>    <policy context="default">
> -    <deny send_destination="org.bluez"/>
> +    <allow send_destination="org.bluez"/>
>    </policy>
>
>  </busconfig>
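
Review bot: The removal of the `<policy group="lp">` block and its comment in this hunk is not covered by the subject line, which names only the at_console statement, and the commit message mentions lp only when describing the previous behaviour. The block does become redundant once the default policy allows `send_destination="org.bluez"`, but the message should say that explicitly, or the lp removal should go in its own patch, so the dropped group-based rule is visible in the log.
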
> --
> 2.19.1

Applied, thanks.

-- 
Luiz Augusto von Dentz


* Re: [PATCH] bluetooth.conf: remove deprecated at_console statement
  2018-11-06 11:07 [PATCH] bluetooth.conf: remove deprecated at_console statement Tom Gundersen
  2018-11-07 11:32 ` Luiz Augusto von Dentz
@ 2018-11-07 18:26 ` Marcel Holtmann
  1 sibling, 0 replies; 3+ messages in thread
From: Marcel Holtmann @ 2018-11-07 18:26 UTC
  To: Tom Gundersen; +Cc: Bluez mailing list, David Herrmann

Hi Tom,

> As described in [0], this likely did not have the intended effect, so
> simply remove it. The change in behavior is that up until this patch
> it would be possible for root, lp, and any non-system user to potentially
> gain access to bluez' dbus interface. Now this is extended to also allow
> any system user.
> 
> [0]: <https://www.spinics.net/lists/linux-bluetooth/msg75267.html>
> 
> Signed-off-by: Tom Gundersen <teg@jklm.no>
> CC: David Herrmann <dh.herrmann@gmail.com>
> ---
> src/bluetooth.conf | 12 +-----------
> 1 file changed, 1 insertion(+), 11 deletions(-)
> 
> diff --git a/src/bluetooth.conf b/src/bluetooth.conf
> index b67a954a2..8a1e25801 100644
> --- a/src/bluetooth.conf
> +++ b/src/bluetooth.conf
> @@ -22,18 +22,8 @@
>     <allow send_interface="org.mpris.MediaPlayer2.Player"/>
>   </policy>
> 
> -  <policy at_console="true">
> -    <allow send_destination="org.bluez"/>
> -  </policy>
> -
> -  <!-- allow users of lp group (printing subsystem) to 
> -       communicate with bluetoothd -->
> -  <policy group="lp">
> -    <allow send_destination="org.bluez"/>
> -  </policy>
> -
>   <policy context="default">
> -    <deny send_destination="org.bluez"/>
> +    <allow send_destination="org.bluez"/>
>   </policy>

So I am not sure we want to give hardware configuration (and with that pairing control) to everyone in the system. In iwd, for example, we restricted this to the group “wheel”.

Regards

Marcel

