1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
|
From 92babdb658109cab5cdf9fc0280264ef0715f37d Mon Sep 17 00:00:00 2001
From: Dan Williams <dcbw@redhat.com>
Date: Wed, 11 Aug 2010 20:40:25 +0000
Subject: core: work around dbus-glib property access bug (CVE-2010-1172) (rh #585394)
More info:
https://bugzilla.redhat.com/show_bug.cgi?id=585394
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1172
dbus-glib was not properly enforcing the 'access' permissions on
object properties exported using its API. There were 2 specific bugs:
1) dbus-glib did not enforce the introspection read/write property
permissions, so if the GObject property definition allowed write
access (which is sometimes desirable), D-Bus clients could modify
that value even if the introspection said it was read-only
2) dbus-glib was not filtering out GObject properties that were
not listed in the introspection XML. Thus, if the GObject defined
more properties than were listed in the introspection XML (which is
also often useful, and NM uses this quite a bit) those properties
would also be exposed to D-Bus clients.
To fix this completely, you need to:
1) get dbus-glib master when the patch is commited, OR grab the
patch from https://bugzilla.redhat.com/show_bug.cgi?id=585394 and
build a new dbus-glib
2) rebuild NetworkManager against the new dbus-glib
---
diff --git a/configure.ac b/configure.ac
index e1b9347..3217734 100644
--- a/configure.ac
+++ b/configure.ac
@@ -203,6 +203,12 @@ dnl
AC_CHECK_LIB([dl], [dladdr], LIBDL="-ldl", LIBDL="")
AC_SUBST(LIBDL)
+dnl
+dnl Checks for new dbus-glib property access function
+dnl
+AC_CHECK_LIB([dbus-glib-1], [dbus_glib_global_set_disable_legacy_property_access], ac_have_dg_prop="1", ac_have_dg_prop="0")
+AC_DEFINE_UNQUOTED(HAVE_DBUS_GLIB_DISABLE_LEGACY_PROP_ACCESS, $ac_have_dg_prop, [Define if you have a dbus-glib with dbus_glib_global_set_disable_legacy_property_access()])
+
PKG_CHECK_MODULES(DBUS, dbus-1 >= 1.1 dbus-glib-1 >= 0.75)
AC_SUBST(DBUS_CFLAGS)
AC_SUBST(DBUS_LIBS)
diff --git a/src/main.c b/src/main.c
index c2fb58b..aea2eef 100644
--- a/src/main.c
+++ b/src/main.c
@@ -19,10 +19,7 @@
* Copyright (C) 2005 - 2008 Novell, Inc.
*/
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
+#include <config.h>
#include <glib.h>
#include <dbus/dbus.h>
#include <dbus/dbus-glib-lowlevel.h>
@@ -627,6 +624,17 @@ main (int argc, char *argv[])
g_thread_init (NULL);
dbus_g_thread_init ();
+#ifndef HAVE_DBUS_GLIB_DISABLE_LEGACY_PROP_ACCESS
+#error HAVE_DBUS_GLIB_DISABLE_LEGACY_PROP_ACCESS not defined
+#endif
+
+#if HAVE_DBUS_GLIB_DISABLE_LEGACY_PROP_ACCESS
+ /* Ensure that non-exported properties don't leak out, and that the
+ * introspection 'access' permissions are respected.
+ */
+ dbus_glib_global_set_disable_legacy_property_access ();
+#endif
+
setup_signals ();
nm_logging_start (become_daemon);
diff --git a/src/nm-wifi-ap.c b/src/nm-wifi-ap.c
index 8a7e4e8..7770b8b 100644
--- a/src/nm-wifi-ap.c
+++ b/src/nm-wifi-ap.c
@@ -153,6 +153,8 @@ set_property (GObject *object, guint prop_id,
case PROP_STRENGTH:
nm_ap_set_strength (ap, g_value_get_char (value));
break;
+ case PROP_HW_ADDRESS:
+ break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
break;
@@ -242,7 +244,7 @@ nm_ap_class_init (NMAccessPointClass *ap_class)
NM_802_11_AP_FLAGS_NONE,
NM_802_11_AP_FLAGS_PRIVACY,
NM_802_11_AP_FLAGS_NONE,
- G_PARAM_READWRITE));
+ G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
g_object_class_install_property
(object_class, PROP_WPA_FLAGS,
@@ -252,7 +254,7 @@ nm_ap_class_init (NMAccessPointClass *ap_class)
NM_802_11_AP_SEC_NONE,
all_sec_flags,
NM_802_11_AP_SEC_NONE,
- G_PARAM_READWRITE));
+ G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
g_object_class_install_property
(object_class, PROP_RSN_FLAGS,
@@ -262,7 +264,7 @@ nm_ap_class_init (NMAccessPointClass *ap_class)
NM_802_11_AP_SEC_NONE,
all_sec_flags,
NM_802_11_AP_SEC_NONE,
- G_PARAM_READWRITE));
+ G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
g_object_class_install_property
(object_class, PROP_SSID,
@@ -270,7 +272,7 @@ nm_ap_class_init (NMAccessPointClass *ap_class)
"SSID",
"SSID",
DBUS_TYPE_G_UCHAR_ARRAY,
- G_PARAM_READWRITE));
+ G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
g_object_class_install_property
(object_class, PROP_FREQUENCY,
@@ -278,7 +280,7 @@ nm_ap_class_init (NMAccessPointClass *ap_class)
"Frequency",
"Frequency",
0, 10000, 0,
- G_PARAM_READWRITE));
+ G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
g_object_class_install_property
(object_class, PROP_HW_ADDRESS,
@@ -286,7 +288,7 @@ nm_ap_class_init (NMAccessPointClass *ap_class)
"MAC Address",
"Hardware MAC address",
NULL,
- G_PARAM_READABLE));
+ G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
g_object_class_install_property
(object_class, PROP_MODE,
@@ -294,7 +296,7 @@ nm_ap_class_init (NMAccessPointClass *ap_class)
"Mode",
"Mode",
NM_802_11_MODE_ADHOC, NM_802_11_MODE_INFRA, NM_802_11_MODE_INFRA,
- G_PARAM_READWRITE));
+ G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
g_object_class_install_property
(object_class, PROP_MAX_BITRATE,
@@ -302,7 +304,7 @@ nm_ap_class_init (NMAccessPointClass *ap_class)
"Max Bitrate",
"Max Bitrate",
0, G_MAXUINT16, 0,
- G_PARAM_READWRITE));
+ G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
g_object_class_install_property
(object_class, PROP_STRENGTH,
@@ -310,7 +312,7 @@ nm_ap_class_init (NMAccessPointClass *ap_class)
"Strength",
"Strength",
G_MININT8, G_MAXINT8, 0,
- G_PARAM_READWRITE));
+ G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
/* Signals */
signals[PROPERTIES_CHANGED] =
--
|
GitWeb