
Issue 712861


Issue metadata

Status: Available
Owner: ----
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 3
Type: Feature




security test for image for verifying dbus state

Project Member Reported by vapier@chromium.org, Apr 18 2017

Issue description

we should have test coverage to keep a handle on dbus exposure.

there is some code in autotest that builds a tree from all the xml files:
https://chromium.googlesource.com/chromiumos/third_party/autotest/+/abe9970863bfe7e9a72e5f81796c8312bbe82db3/client/site_tests/security_DbusMap/security_DbusMap.py

we should have a (hopefully small) whitelist of exceptions, and any other new things will be rejected.

things we should disallow w/out whitelist:
- going from lower priv to higher priv (i.e. anything talking to root)
- allowing any source user

other ideas:
- should we maintain a list of well known names and who should be owning them?
- is it possible to dynamically create a dbus interface w/out being registered in the xml interface? i.e. do we have to worry about doing a dump at runtime and sanity checking that there isn't anything new/unexpected in there?
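
Added example, not part of the original issue or of the autotest code: a minimal sketch of the check described above, parsing D-Bus policy XML and reporting `<allow>` rules that let any source user send, or let a non-root user send to a root-owned name, unless an exception is listed. The sample configs, the `power` user, the `org.example.*` names and the exception tuple format are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy files (not taken from a real image).
SAMPLE_CONFIGS = {
    "org.example.Daemon.conf": """<busconfig>
  <policy user="root"><allow own="org.example.Daemon"/></policy>
  <policy context="default">
    <allow send_destination="org.example.Daemon"/>
  </policy>
</busconfig>""",
    "org.example.Ui.conf": """<busconfig>
  <policy user="chronos">
    <allow own="org.example.Ui"/>
    <allow send_destination="org.example.Daemon" send_member="Reset"/>
  </policy>
  <policy user="power">
    <allow send_destination="org.example.Daemon"/>
  </policy>
</busconfig>""",
}

# Hypothetical exception format: (sender, destination, member or "*").
ALLOWLIST = {("chronos", "org.example.Daemon", "Reset")}

def audit(configs, allowlist):
    """Return sorted (reason, sender, destination, member) findings."""
    owners, sends = {}, []
    for text in configs.values():
        for policy in ET.fromstring(text).iter("policy"):
            # Any policy not tied to a single user (context="default",
            # group=, ...) is conservatively treated as "any sender".
            sender = policy.get("user", "*")
            for allow in policy.iter("allow"):
                if allow.get("own"):
                    owners[allow.get("own")] = sender
                elif allow.get("send_destination"):
                    sends.append((sender, allow.get("send_destination"),
                                  allow.get("send_member", "*")))
    findings = []
    for sender, dest, member in sends:  # evaluated after all owners are known
        if (sender, dest, member) in allowlist:
            continue
        if sender == "*":
            findings.append(("any-source-user", sender, dest, member))
        elif owners.get(dest) == "root" and sender != "root":
            findings.append(("lower-to-root", sender, dest, member))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIGS, ALLOWLIST):
        print(finding)
```
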
 

Comment 1 Deleted

Comment 2 Deleted

Comment 3 by derat@chromium.org, May 3 2018

Cc: derat@chromium.org
Components: OS>Systems
Copying over a few thoughts from email:

a) The current test fails to examine any of the files describing services owned by Chrome (installed in /opt/google/chrome/dbus, which is included by /etc/dbus-1/system.d/chrome.conf). I don't know if there are any other things that it misses.

b) If this is just reading config files from the system image, it'd be nice if it ran at build time instead of as an Autotest-based test (which runs out-of-band, is slower, is less reliable and repeatable, is harder to run, etc.).

Comment 4 by bugdroid1@chromium.org, May 18 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/autotest/+/61f6b07a9b9d8546be1409b5e4a77337f3a9f7e6

commit 61f6b07a9b9d8546be1409b5e4a77337f3a9f7e6
Author: Daniel Erat <derat@chromium.org>
Date: Fri May 18 12:32:40 2018

autotest: Remove LibCrosService from security_DbusOwners.

Remove org.chromium.LibCrosService from
security_DbusOwners's baseline list of services that should
be owned by the chronos user.

BUG=chromium:692246, chromium:712861, chromium:833855
TEST=none
CQ-DEPEND=I72ae7c759b75a5a9c3c38019835c02c99995ec5d

Change-Id: Ib05fd84a7d88ad9125aa56d468c678841c68a4ca
Reviewed-on: https://chromium-review.googlesource.com/1060469
Commit-Ready: Dan Erat <derat@chromium.org>
Tested-by: Dan Erat <derat@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>

[modify] https://crrev.com/61f6b07a9b9d8546be1409b5e4a77337f3a9f7e6/client/site_tests/security_DbusOwners/baseline
