Debian Bug report logs - #510639
hal.conf.in needs augmenting for new D-Bus

version graph

Package: hal; Maintainer for hal is Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>; Source for hal is src:hal.

Reported by: Simon McVittie <smcv@debian.org>

Date: Sat, 3 Jan 2009 23:48:01 UTC

Severity: serious

Tags: patch, upstream

Found in version hal/0.5.11-6

Fixed in version hal/0.5.11-7

Done: Sjoerd Simons <sjoerd@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://bugs.freedesktop.org/show_bug.cgi?id=18985

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>:
Bug#510639; Package hal. (Sat, 03 Jan 2009 23:48:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Simon McVittie <smcv@debian.org>:
New Bug report received and forwarded. Copy sent to Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>. (Sat, 03 Jan 2009 23:48:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Simon McVittie <smcv@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: hal.conf.in needs augmenting for new D-Bus
Date: Sat, 3 Jan 2009 23:44:23 +0000
[Message part 1 (text/plain, inline)]
Package: hal
Version: 0.5.11-6
Severity: serious
Justification: blocker for #503532 (CVE-2008-4311)
Tags: upstream
User: pkg-utopia-maintainers@lists.alioth.debian.org
Usertags: CVE-2008-4311

hal installs a D-Bus system policy file which doesn't allow
introspection, or the KillSwitch method used by NetworkManager. These
used to be allowed accidentally by a dbus-daemon bug, but with the
dbus-daemon currently in experimental (which is now targeted for lenny)
they will be denied.

https://bugs.freedesktop.org/show_bug.cgi?id=18985 provides a partial,
unreviewed patch. Some quick notes I made while rummaging through the
hal source tree:

org.freedesktop.Hal.SingletonAddon - emits methods (!?) which libhal receives

rfkill: org.freedesktop.Hal.Device.KillSwitch has SetPower/GetPower

dockstation: org.freedesktop.Hal.Device.DockStation has Undock

org.freedesktop.Hal.Device.Storage has CloseTray, Eject

org.freedesktop.Hal.Device.SystemPowerManagement has Suspend etc.

org.freedesktop.Hal.Device.WakeOnLan has GetEnabled, SetEnabled

LaptopPanel already covered

CPUFreq?

KeyboarBacklight?

LightSensor?

Storage.Removable?

AccessControl?

I don't know which of these should allow privileged or unprivileged
access. A conservative version would be to let root access them.

Regards from the Cambridge BSP,
    Simon
[signature.asc (application/pgp-signature, inline)]

Blocking bugs of 503532 added: 510639 Request was from Simon McVittie <smcv@debian.org> to control@bugs.debian.org. (Sun, 04 Jan 2009 13:39:06 GMT) Full text and rfc822 format available.

Tags added: patch Request was from Simon McVittie <smcv@debian.org> to control@bugs.debian.org. (Sun, 04 Jan 2009 20:30:05 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>:
Bug#510639; Package hal. (Sun, 04 Jan 2009 20:30:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Simon McVittie <smcv@debian.org>:
Extra info received and forwarded to list. Copy sent to Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>. (Sun, 04 Jan 2009 20:30:06 GMT) Full text and rfc822 format available.

Message #14 received at 510639@bugs.debian.org (full text, mbox):

From: Simon McVittie <smcv@debian.org>
To: 510639@bugs.debian.org
Subject: Possible patches for hal
Date: Sun, 4 Jan 2009 20:27:55 +0000
[Message part 1 (text/plain, inline)]
tags 510639 + patch
thanks

"Normal" use of hal (gnome-power-manager and NetworkManager) seems to
need some additional permissions; these might be enough? Hopefully you
know hal's capabilities better than I do...

    Simon
[71-hal.conf.in-qualify-all-send_interface-.-with-s.patch (text/x-diff, attachment)]
[72-Allow-anyone-to-introspect-the-hal-daemon-even-with.patch (text/x-diff, attachment)]
[73-Let-root-call-any-hal-method.patch (text/x-diff, attachment)]
[74-powerdev.patch (text/x-diff, attachment)]
[signature.asc (application/pgp-signature, inline)]

Noted your statement that Bug has been forwarded to https://bugs.freedesktop.org/show_bug.cgi?id=18985. Request was from Simon McVittie <smcv@debian.org> to control@bugs.debian.org. (Mon, 05 Jan 2009 15:42:02 GMT) Full text and rfc822 format available.

Reply sent to Sjoerd Simons <sjoerd@debian.org>:
You have taken responsibility. (Wed, 07 Jan 2009 01:09:10 GMT) Full text and rfc822 format available.

Notification sent to Simon McVittie <smcv@debian.org>:
Bug acknowledged by developer. (Wed, 07 Jan 2009 01:09:10 GMT) Full text and rfc822 format available.

Message #21 received at 510639-close@bugs.debian.org (full text, mbox):

From: Sjoerd Simons <sjoerd@debian.org>
To: 510639-close@bugs.debian.org
Subject: Bug#510639: fixed in hal 0.5.11-7
Date: Wed, 07 Jan 2009 01:02:04 +0000
Source: hal
Source-Version: 0.5.11-7

We believe that the bug you reported is fixed in the latest version of
hal, which is due to be installed in the Debian FTP archive:

hal-doc_0.5.11-7_all.deb
  to pool/main/h/hal/hal-doc_0.5.11-7_all.deb
hal_0.5.11-7.diff.gz
  to pool/main/h/hal/hal_0.5.11-7.diff.gz
hal_0.5.11-7.dsc
  to pool/main/h/hal/hal_0.5.11-7.dsc
hal_0.5.11-7_amd64.deb
  to pool/main/h/hal/hal_0.5.11-7_amd64.deb
libhal-dev_0.5.11-7_amd64.deb
  to pool/main/h/hal/libhal-dev_0.5.11-7_amd64.deb
libhal-storage-dev_0.5.11-7_amd64.deb
  to pool/main/h/hal/libhal-storage-dev_0.5.11-7_amd64.deb
libhal-storage1_0.5.11-7_amd64.deb
  to pool/main/h/hal/libhal-storage1_0.5.11-7_amd64.deb
libhal1_0.5.11-7_amd64.deb
  to pool/main/h/hal/libhal1_0.5.11-7_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 510639@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sjoerd Simons <sjoerd@debian.org> (supplier of updated hal package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 07 Jan 2009 00:35:16 +0000
Source: hal
Binary: hal hal-doc libhal1 libhal-storage1 libhal-dev libhal-storage-dev
Architecture: source all amd64
Version: 0.5.11-7
Distribution: unstable
Urgency: high
Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
Changed-By: Sjoerd Simons <sjoerd@debian.org>
Description: 
 hal        - Hardware Abstraction Layer
 hal-doc    - Hardware Abstraction Layer - documentation
 libhal-dev - Hardware Abstraction Layer - development files
 libhal-storage-dev - Hardware Abstraction Layer - development files
 libhal-storage1 - Hardware Abstraction Layer - shared library for storage devices
 libhal1    - Hardware Abstraction Layer - shared library
Closes: 510639
Changes: 
 hal (0.5.11-7) unstable; urgency=high
 .
   * debian/patches/71-hal.conf.in-qualify-all-send_interface-.-with-s.patch
     - Added. Add send_destination to all rules using send_interface in the
       D-Bus config
   * debian/patches/72-Allow-anyone-to-introspect-the-hal-daemon-even-with.patch
     - Added. Always allow D-Bus introspection
   * debian/patches/73-Let-root-call-any-hal-method.patch
     - Added. Allow the root user to use any HAL method. Needed to make
       NetworkManager and powersaved work properly.
   * debian/patches/74-powerdev.patch
     - Added. Allow users in the powerdev group to clal methods on the CPUFreq,
       WakeOnLan and Dockstation interface
   * Thanks to Simon McVittie for preparing and testing the patches
   * Makes HAL suitable for use with less permissive versions of D-Bus, like the
     one intended to ship with lenny (Closes: #510639)
   * Priority high as it fixes an RC bug
Checksums-Sha1: 
 452c415e6ce5b7671bfe86ba2c857fc32a13cf46 1618 hal_0.5.11-7.dsc
 b1889fb66ed0c7713dd6222788bd4659ad98bd13 36297 hal_0.5.11-7.diff.gz
 ef5c43ee653ed2175542f7e456af1651297b4a7e 672772 hal-doc_0.5.11-7_all.deb
 f00cc3eab02bddab61d1fbd8db62f741ac6b4068 801692 hal_0.5.11-7_amd64.deb
 ccb6e934ea133cc6e60efbb1c5da41cf55334703 448626 libhal1_0.5.11-7_amd64.deb
 72948225122cb6f739b3169b6ce7a03acccb91c2 438496 libhal-storage1_0.5.11-7_amd64.deb
 d996796fb4a413a595a49ec3a7866248106bb486 453462 libhal-dev_0.5.11-7_amd64.deb
 01eb20f80fbe7f64c9832f161694aed5c4f95c78 439232 libhal-storage-dev_0.5.11-7_amd64.deb
Checksums-Sha256: 
 53fbc570c073440aba09d1555ee215c54746a9bf4c0654013a2ea26227b99349 1618 hal_0.5.11-7.dsc
 a52629ced61c5dd783f4523e12b463d4f3c48675bafdbc38264a7c0a85ed3eec 36297 hal_0.5.11-7.diff.gz
 53a9824d43622dd3b57fe7884244a390ad1a01b51234a195eb352e9a683ef69d 672772 hal-doc_0.5.11-7_all.deb
 7782c3360248c43922e78d6ebe7911e31b497e9b755a423a65b3548a06bb710c 801692 hal_0.5.11-7_amd64.deb
 2a011a5b1f2e578fa6e1fe4d0d80724e9d4ed03b4ee92a15d7e45d2080a601f2 448626 libhal1_0.5.11-7_amd64.deb
 b336dbacf8c715c6774cca6519afdf15243ee1779275e00500a73c8c9c6b55ea 438496 libhal-storage1_0.5.11-7_amd64.deb
 f3e7eecda90631d4f59e96b07da4928457776ce58322e6553cb8c1bb9bbd10e9 453462 libhal-dev_0.5.11-7_amd64.deb
 a973e4c30d64dee7c17ef8d64db955da15381d8f3883075e557bd8e1f1a6fd02 439232 libhal-storage-dev_0.5.11-7_amd64.deb
Files: 
 f919ff61e8dd31c79a3a8ebf90d92571 1618 admin optional hal_0.5.11-7.dsc
 fd1444cccd6c3df97221debab7352c2e 36297 admin optional hal_0.5.11-7.diff.gz
 d1cdf2cf0cc74ae39092445b1c9894a4 672772 doc optional hal-doc_0.5.11-7_all.deb
 378d85239495fc08e98ee27c7453d1c6 801692 admin optional hal_0.5.11-7_amd64.deb
 059f07c1fdec3a4a2d84165c3e6821b6 448626 libs optional libhal1_0.5.11-7_amd64.deb
 b59aec1912b96e451cb76f6490465748 438496 libs optional libhal-storage1_0.5.11-7_amd64.deb
 ad4c32590ec42c7bdd377e2d465e6c7c 453462 libdevel optional libhal-dev_0.5.11-7_amd64.deb
 858f983441eed3ae54e1e6cf02edbf23 439232 libdevel optional libhal-storage-dev_0.5.11-7_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAklj+qQACgkQgTd+SodosdILcwCfRCXk8gdr/KGTi0tRAtJfSWIM
NhQAn1mi2Q8IJV/2deQ0gJV79YN+s0jj
=EF2l
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 05 Feb 2009 07:28:02 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 11:37:21 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.