| author | John (J5) Palmieri <johnp@redhat.com> | 2008-02-26 13:30:47 -0500 | 
|---|---|---|
| committer | John (J5) Palmieri <johnp@redhat.com> | 2008-02-26 13:30:47 -0500 | 
| commit | 6db561dce296b4c233b9fe9b117012249a99df08 (patch) | |
| tree | 8b9aa0520c9eb9d9906e891246321ae2a394403d /tools | |
| parent | 381c8548b2deaf1bd827b69e144b652e00f8af1d (diff) | |
CVE-2008-0595 dbus security policy circumvention
* CVE-2008-0595 - security policy of the type <allow send_interface=
  "some.interface.WithMethods"/> works as an implicit allow for
  messages sent without an interface, bypassing the default deny rules
  and potentially allowing restricted methods exported on the bus to be
  executed by unauthorized users.  This patch fixes the issue.
* bus/policy.c (bus_client_policy_check_can_send,
  bus_client_policy_check_can_receive): skip messages without an
  interface when evaluating an allow rule, and thus pass it to the
  default deny rules
Diffstat (limited to 'tools')
0 files changed, 0 insertions, 0 deletions
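The rule-matching behaviour the commit message describes, as an added example: this is a simplified model written for this page, not the code from bus/policy.c. The struct, the function names, the `patched` flag, the "last applicable rule decides" evaluation order and the handling of interface-specific deny rules are assumptions of the model; the sample policy is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of a send rule: interface == NULL means "any interface". */
struct send_rule { bool allow; const char *interface; };

/* Does the rule apply to a message whose interface is msg_iface (NULL when the
 * message carries no interface)? patched selects the fixed behaviour. */
static bool rule_applies(const struct send_rule *r, const char *msg_iface, bool patched)
{
    if (r->interface == NULL)
        return true;                        /* rule is not interface-specific */
    if (msg_iface == NULL)                  /* message sent without an interface */
        return patched ? !r->allow : true;  /* fix: allow rules skip it */
    return strcmp(msg_iface, r->interface) == 0;
}

/* Start from deny and walk the rules in order; the last applicable rule decides
 * (assumption of this model). */
bool can_send(const struct send_rule *rules, size_t n, const char *msg_iface, bool patched)
{
    bool allowed = false;
    for (size_t i = 0; i < n; i++)
        if (rule_applies(&rules[i], msg_iface, patched))
            allowed = rules[i].allow;
    return allowed;
}

/* Constructed policy: a default deny followed by
 * <allow send_interface="some.interface.WithMethods"/>. */
const struct send_rule policy[] = {
    { false, NULL },
    { true,  "some.interface.WithMethods" },
};
const size_t policy_len = sizeof policy / sizeof policy[0];

int main(void)
{
    const char *msgs[] = { NULL, "some.interface.WithMethods", "other.Interface" };
    for (size_t i = 0; i < 3; i++)
        printf("%-28s before=%d after=%d\n", msgs[i] ? msgs[i] : "(no interface)",
               can_send(policy, policy_len, msgs[i], false),
               can_send(policy, policy_len, msgs[i], true));
    return 0;
}
```

When auditing bus policy files against this class of issue, the rules to look at are allow rules that name a `send_interface` without otherwise restricting the sender or destination.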
