mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2025-01-18 02:44:03 -05:00
df9e2c2a55
It does more than intended; apart from denying messages to that particular interface it also denies all messages non-qualified with an interface globally. This blocks messages completely unrelated to wpa_supplicant, such as NetworkManager communication with the VPN plugins. From the dbus-daemon manual: Be careful with send_interface/receive_interface, because the interface field in messages is optional. In particular, do NOT specify <deny send_interface="org.foo.Bar"/>! This will cause no-interface messages to be blocked for all services, which is almost certainly not what you intended. Always use rules of the form: <deny send_interface="org.foo.Bar" send_destination="org.foo.Service"/> We can just safely remove those rules, since we're sufficiently protected by the send_destination matches and method calls are disallowed by default anyway. Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
26 lines
1.1 KiB
Plaintext
26 lines
1.1 KiB
Plaintext
<!DOCTYPE busconfig PUBLIC
|
|
"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
|
|
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
|
|
<busconfig>
|
|
<policy user="root">
|
|
<allow own="fi.epitest.hostap.WPASupplicant"/>
|
|
|
|
<allow send_destination="fi.epitest.hostap.WPASupplicant"/>
|
|
<allow send_interface="fi.epitest.hostap.WPASupplicant"/>
|
|
|
|
<allow own="fi.w1.wpa_supplicant1"/>
|
|
|
|
<allow send_destination="fi.w1.wpa_supplicant1"/>
|
|
<allow send_interface="fi.w1.wpa_supplicant1"/>
|
|
<allow receive_sender="fi.w1.wpa_supplicant1" receive_type="signal"/>
|
|
</policy>
|
|
<policy context="default">
|
|
<deny own="fi.epitest.hostap.WPASupplicant"/>
|
|
<deny send_destination="fi.epitest.hostap.WPASupplicant"/>
|
|
|
|
<deny own="fi.w1.wpa_supplicant1"/>
|
|
<deny send_destination="fi.w1.wpa_supplicant1"/>
|
|
<deny receive_sender="fi.w1.wpa_supplicant1" receive_type="signal"/>
|
|
</policy>
|
|
</busconfig>
|