oss-security - nfsd-ganesha allows anyone to call into DBUS?

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Message-ID: <20160912095353.GB17469@suse.de>
Date: Mon, 12 Sep 2016 11:53:53 +0200
From: Sebastian Krahmer <krahmer@...e.com>
To: oss-security@...ts.openwall.com
Cc: matt@...uxbox.com, philippe.deniel@....fr
Subject: nfsd-ganesha allows anyone to call into DBUS?

Hi

The nfs-ganesha (userspace nfsd) offers a dbus API to control/admin
the nfsd via cmdline tools and some qt+python code.

The default dbus config seems to allow anyone to connect to
it and invoke methods. The code at least does not check any polkit
authorizations or dbus sender (at a first look). Am I missing something? If I dont,
the DBUS API should be declared experimental and disabled by default,
since there are some methods which would allow users to gain root.

https://github.com/nfs-ganesha/nfs-ganesha/
https://github.com/nfs-ganesha/nfs-ganesha/wiki/Dbusinterface

Sebastian

-- 

~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer@...e.com - SuSE Security Team

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.