Bug 1208689 - AUDIT-0: kde-inotify-survey: review of D-Bus service AND Polkit actions
Status: RESOLVED FIXED
Alias: None
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Security
Version: Current
Hardware: Other openSUSE Tumbleweed
Priority: P5 - None
Severity: Normal
Target Milestone: ---
Assignee: Wolfgang Frisch
QA Contact: E-mail List
 
Reported: 2023-02-27 09:36 UTC by Enrico Belleri
Modified: 2024-03-13 09:21 UTC (History)

Description Enrico Belleri 2023-02-27 09:36:04 UTC
This is about a new submission request to KDE:Extra and later on to Factory.

https://build.opensuse.org/request/show/1067849

kde-inotify-survey is a KDE project that lives here: https://invent.kde.org/system/kde-inotify-survey

Errors from rpmlint:

E: polkit-untracked-privilege (Badness: 10) org.kde.kded.inotify.increaseinstancelimit (no:no:auth_admin)
E: polkit-untracked-privilege (Badness: 10) org.kde.kded.inotify.increasewatchlimit (no:no:auth_admin)

E: dbus-file-unauthorized (Badness: 10) /usr/share/dbus-1/system.d/org.kde.kded.inotify.conf (sha256 file digest default filter:b05d2600ec47a5fb24b1e0acffcf5a06f4d0b5707d80ffe26a1ef79c7eaa6550 shell filter:d17479783b3d85f320757e085e8f45fbb5789281e5cab6fe6cecc9ac3f57a581 xml filter:4eb68f2c3bc75842df0f3d67874588fc672ec540769db09c3a71cbb292a989f7)
E: dbus-file-unauthorized (Badness: 10) /usr/share/dbus-1/system-services/org.kde.kded.inotify.service (sha256 file digest default filter:89a2ce5a4c6ebd7cb471f820a28fbd2dd418e377cb2ed0eaea1af59840c1dabd shell filter:89a2ce5a4c6ebd7cb471f820a28fbd2dd418e377cb2ed0eaea1af59840c1dabd xml filter:<failed-to-calculate>)

E: communication not allowed /usr/share/dbus-1/system.d/org.kde.kded.inotify.conf
Comment 1 Wolfgang Frisch 2023-02-27 09:58:38 UTC
Thanks for your bug report.

I intend to work on it shortly.
Comment 2 Matthias Gerstner 2023-02-27 11:55:22 UTC
Note that this package emits a dbus-communication-not-allowed rpmlint warning:

https://github.com/rpm-software-management/rpmlint/issues/1008

It looks like no one is allowed to talk to this D-Bus service, which can make
sense in some special scenarios, but should be looked into.
Comment 4 Wolfgang Frisch 2023-03-07 12:26:08 UTC
I'm done with the review.

There's one generated D-Bus Service running as root:
```
[D-BUS Service]
Name=org.kde.kded.inotify
Exec=/usr/libexec/kauth/kded-inotify-helper
User=root
```
This is only accessible with admin privileges.

Beyond this, there are 3 components:

- `helper/`: 
  - the aforementioned D-Bus service, running as root
  - requires admin permissions
  - includes code in `survey/`
- `survey/`: 
  - Crawls /proc
  - No obvious flaws, except that it's inherently prone to race
    conditions, but this does not matter in this case. The count
    does not have to be perfect to be useful.
- `kded/`:
  - module for KDED
  - exposes a user-accessible, unprivileged D-Bus method
    `org.kde.kded5:/modules/inotify/refresh()`

All good.
I will proceed with the whitelisting.
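The /proc crawl that Comment 4 attributes to the `survey/` component, as an added example that is not the project's code: a small Python sketch that walks `/proc/<pid>/fd` looking for `anon_inode:inotify` descriptors, counts the `inotify wd:` lines in the matching `fdinfo` file, and tallies instances and watches per real uid next to the kernel's per-user limits in `/proc/sys/fs/inotify` (the instance and watch limits that the two Polkit action names refer to). The function names and the sample `fdinfo`/`status` text are constructed for this example; skipping `ENOENT`/`EACCES` per pid is the race condition the review accepts, made explicit.

```python
"""Tally inotify instances and watches per user by crawling /proc.

Added example for this review, not code from kde-inotify-survey: the
project's survey/ component does a comparable /proc walk in C++; the
names, structure and the constructed sample text below are this
example's own.
"""
import os
import re
from collections import defaultdict

# Constructed sample of /proc/<pid>/fdinfo/<fd> for an inotify descriptor:
# the kernel prints one "inotify wd:" line per watch on the instance.
SAMPLE_INOTIFY_FDINFO = (
    "pos:\t0\nflags:\t02004002\nmnt_id:\t15\nino:\t1054\n"
    "inotify wd:3 ino:2e6 sdev:800003 mask:3c0 ignored_mask:0 "
    "fhandle-bytes:8 fhandle-type:1 f_handle:e6020000a1b2c3d4\n"
    "inotify wd:2 ino:2e5 sdev:800003 mask:3c0 ignored_mask:0 "
    "fhandle-bytes:8 fhandle-type:1 f_handle:e5020000a1b2c3d4\n"
    "inotify wd:1 ino:2e4 sdev:800003 mask:3c0 ignored_mask:0 "
    "fhandle-bytes:8 fhandle-type:1 f_handle:e4020000a1b2c3d4\n"
)
# Constructed sample for an ordinary file descriptor (no watches at all).
SAMPLE_PLAIN_FDINFO = "pos:\t0\nflags:\t0100002\nmnt_id:\t15\nino:\t12\n"

_WATCH_LINE = re.compile(r"^inotify wd:[0-9a-f]+ ", re.M)


def is_inotify_fd(link_target):
    """True if a /proc/<pid>/fd/<n> symlink names an inotify instance."""
    return link_target == "anon_inode:inotify"


def count_watches(fdinfo_text):
    """Watches on one inotify instance, from its fdinfo contents."""
    return len(_WATCH_LINE.findall(fdinfo_text))


def owner_uid(status_text):
    """Real uid from the 'Uid:' line of /proc/<pid>/status, or None."""
    m = re.search(r"^Uid:\s+(\d+)", status_text, re.M)
    return int(m.group(1)) if m else None


def read_limits(sysdir="/proc/sys/fs/inotify"):
    """Current per-user kernel limits; None where the file is unreadable."""
    limits = {}
    for name in ("max_user_instances", "max_user_watches"):
        try:
            with open(os.path.join(sysdir, name)) as f:
                limits[name] = int(f.read())
        except (OSError, ValueError):
            limits[name] = None
    return limits


def survey(proc="/proc"):
    """Walk /proc and tally inotify instances and watches per real uid.

    Processes appear and vanish during the walk, so every per-pid read can
    fail with FileNotFoundError (process gone) or PermissionError (not our
    process and no CAP_SYS_PTRACE). Both are skipped: an approximate count
    is the intent, which is the race condition the review accepts.
    """
    per_uid = defaultdict(lambda: {"instances": 0, "watches": 0})
    try:
        pids = [p for p in os.listdir(proc) if p.isdigit()]
    except OSError:
        return {}  # no procfs here (non-Linux); nothing to survey
    for pid in pids:
        base = os.path.join(proc, pid)
        try:
            with open(os.path.join(base, "status")) as f:
                uid = owner_uid(f.read())
            fds = os.listdir(os.path.join(base, "fd"))
        except OSError:
            continue
        for fd in fds:
            try:
                if not is_inotify_fd(os.readlink(os.path.join(base, "fd", fd))):
                    continue
                with open(os.path.join(base, "fdinfo", fd)) as f:
                    watches = count_watches(f.read())
            except OSError:
                continue
            per_uid[uid]["instances"] += 1
            per_uid[uid]["watches"] += watches
    return dict(per_uid)


if __name__ == "__main__":
    limits = read_limits()
    print("uid  instances/limit  watches/limit")
    for uid, t in sorted(survey().items(), key=lambda kv: (kv[0] is None, kv[0])):
        print(f"{uid!s:>4} {t['instances']:>9}/{limits['max_user_instances']!s:<6} "
              f"{t['watches']:>7}/{limits['max_user_watches']!s}")
```

Run as root to see every user's descriptors; as an unprivileged user the fd links of other users' processes are unreadable, so only your own processes are counted, which mirrors why the project's helper runs as root.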
Comment 6 Wolfgang Frisch 2023-03-08 17:08:16 UTC
Both submissions accepted into Factory!
Resolved as far as I'm concerned.