[MacPorts] #52257: dbus: enhancements to use privileged services via the system bus and run a session bus over a remote X11 connection

MacPorts noreply at macports.org
Thu Sep 22 15:21:07 CEST 2016


#52257: dbus: enhancements to use privileged services via the system bus and run a
session bus over a remote X11 connection
--------------------------+------------------------
  Reporter:  rjvbertin@…  |      Owner:  mcalhoun@…
      Type:  enhancement  |     Status:  new
  Priority:  Normal       |  Milestone:
 Component:  ports        |    Version:
Resolution:               |   Keywords:
      Port:  dbus         |
--------------------------+------------------------

Comment (by rjvbertin@…):

 Re: privileged services: here's an extract from
 ${prefix}/share/doc/dbus/system-activation.txt:

 {{{
 Details:

 Setuid applications have to be used only when absolutely necessary.
 In this implementation I have a single executable,
 dbus-daemon-launch-helper, with the ownership root:dbus.
 This has the permissions 4750, i.e. u+rwx g+rx +setuid.
 It is located in /usr/libexec/ and thus is not designed to be invoked by a
 user directly.

 The helper must not be passed input that can be changed maliciously, and
 therefore passing a random path with user id is totally out of the
 question.
 In this implementation a similar idea as discussed with Davids' patch was
 taken, that is, to pass a single name argument to the helper.
 The service filename of "org.me.test.service" is then searched for in
 /usr/share/dbus-1/system-services or other specified directories.

 If applications want to be activated on the system _and_ session busses,
 then service files should be installed in both directories.

 A typical service file would look like:

 [D-BUS Service]
 Name=org.me.test
 Exec=/usr/sbin/dbus-test-server.py
 User=ftp

 This gives the user to switch to, and also the path of the executable.
 The service name must match that specified in the /etc/dbus-1/system.d
 conf file.

 Precautions taken:

 * Only the bus name is passed to the helper, and this is validated
 * We are super paranoid about the user that called us, and what
 permissions we have.
 * We clear all environment variables except for DBUS_VERBOSE which is used
 for debugging
 * Anything out of the ordinary causes the helper to abort.
 }}}

-- 
Ticket URL: <https://trac.macports.org/ticket/52257#comment:11>
MacPorts <https://www.macports.org/>
Ports system for macOS
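
Added example, not part of the ticket comment and not code from dbus-daemon-launch-helper: a sketch of the "only the bus name is passed, and this is validated" precaution, where the name is checked before it is turned into a file name under the fixed service directory. It assumes "validated" means the well-known bus name syntax of the D-Bus specification; the function names valid_bus_name and service_path are hypothetical.

```c
/* Added example: not code from dbus-daemon-launch-helper. */
#include <stdio.h>
#include <string.h>

#define SERVICE_DIR "/usr/share/dbus-1/system-services" /* directory named in the extract */
#define MAX_NAME_LEN 255 /* name length limit in the D-Bus specification */

static int is_name_char(char c, int first)
{
    if ((c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') || c == '_' || c == '-')
        return 1;
    return !first && c >= '0' && c <= '9'; /* digits may not start an element */
}

/* Returns 1 if name is a well-known bus name: two or more non-empty,
 * dot-separated elements built from [A-Za-z0-9_-]. This rejects '/',
 * "..", unique names (":1.42") and empty elements. */
int valid_bus_name(const char *name)
{
    size_t len, i;
    int dots = 0, at_start = 1;

    if (name == NULL)
        return 0;
    len = strlen(name);
    if (len == 0 || len > MAX_NAME_LEN)
        return 0;
    for (i = 0; i < len; i++) {
        if (name[i] == '.') {
            if (at_start)          /* leading dot or empty element */
                return 0;
            dots++;
            at_start = 1;
        } else if (is_name_char(name[i], at_start)) {
            at_start = 0;
        } else {
            return 0;
        }
    }
    return !at_start && dots >= 1; /* no trailing dot, at least two elements */
}

/* Writes SERVICE_DIR/<name>.service to out; returns 0 on success, -1 on rejection. */
int service_path(const char *name, char *out, size_t outlen)
{
    int n;
    if (!valid_bus_name(name))
        return -1;
    n = snprintf(out, outlen, "%s/%s.service", SERVICE_DIR, name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}
```

Because the accepted alphabet contains no '/' and no empty elements, the resulting path cannot leave the service directory, which is why the helper can take a name instead of a caller-supplied path.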

