Lintian tag: dbus-policy-without-send-destination

Type: warning

Description (from lintian-explain-tags)

The package contains D-Bus policy configuration that uses one of the
send_* conditions, but does not specify a send_destination, and is not
specific to root.

Rules of the form

<allow send_interface="com.example.MyInterface"/>

allow messages with the given interface to be sent to *any* service, not
just the one installing the rule, which is rarely what was intended.

Similarly, on the system bus, rules of the form

<deny send_interface="com.example.MyInterface"/>

are redundant with the system bus's default-deny policy, and have
unintended effects on other services.

This check ignores rules of the form

<policy user="root">
<allow ... />
</policy>

which are commonly used for the "agent" pattern seen in services like
BlueZ and NetworkManager: a root-privileged daemon calls out to one or
more per-user user interface agent processes with no specific name, so
send_destination is not easily applicable. However, such rules should
still be made as specific as possible to avoid undesired side-effects.

Please refer to https://bugs.freedesktop.org/show_bug.cgi?id=18961 and
http://lists.freedesktop.org/archives/dbus/2008-February/009401.html for
details.

Visibility: warning
Show-Always: no
Check: desktop/dbus

Affected packages

source version binary tag type tag information count
biometryd 0.3.1-5 biometryd-bin/0.3.1-5 warning dbus-policy-without-send-destination <policy context="default"><allow send_interface="com.ubports.biometryd.Operation.Observer"/> [etc/dbus-1/system.d/com.ubports.biometryd.Service.conf:27] 9
biometryd 0.3.1-5 biometryd-bin/0.3.1-5 warning dbus-policy-without-send-destination <policy context="default"><allow send_interface="com.ubports.biometryd.TemplateStore"/> [etc/dbus-1/system.d/com.ubports.biometryd.Service.conf:25] 9
biometryd 0.3.1-5 biometryd-bin/0.3.1-5 warning dbus-policy-without-send-destination <policy context="default"><allow send_interface="com.ubports.biometryd.Operation"/> [etc/dbus-1/system.d/com.ubports.biometryd.Service.conf:26] 9
biometryd 0.3.1-5 biometryd-bin/0.3.1-5 warning dbus-policy-without-send-destination <policy context="default"><allow send_interface="com.ubports.biometryd.Service"/> [etc/dbus-1/system.d/com.ubports.biometryd.Service.conf:22] 9
biometryd 0.3.1-5 biometryd-bin/0.3.1-5 warning dbus-policy-without-send-destination <policy context="default"><allow send_interface="com.ubports.biometryd.Identifier"/> [etc/dbus-1/system.d/com.ubports.biometryd.Service.conf:24] 9
biometryd 0.3.1-5 biometryd-bin/0.3.1-5 warning dbus-policy-without-send-destination <policy context="default"><allow send_interface="com.ubports.biometryd.Device"/> [etc/dbus-1/system.d/com.ubports.biometryd.Service.conf:23] 9
geoclue-2.0 2.7.1-2 geoclue-2.0/2.7.1-2+b1 warning dbus-policy-without-send-destination <policy user="geoclue"><allow send_interface="org.freedesktop.DBus.Properties" send_path="/org/freedesktop/GeoClue2/Agent"/> [usr/share/dbus-1/system.d/org.freedesktop.GeoClue2.Agent.conf:2] 9
geoclue-2.0 2.7.1-2 geoclue-2.0/2.7.1-2+b1 warning dbus-policy-without-send-destination <policy user="geoclue"><allow send_interface="org.freedesktop.GeoClue2.Agent" send_path="/org/freedesktop/GeoClue2/Agent"/> [usr/share/dbus-1/system.d/org.freedesktop.GeoClue2.Agent.conf:1] 9
hplip 3.22.10+dfsg0-5.1 hplip/3.22.10+dfsg0-5.1 warning dbus-policy-without-send-destination <policy context="default"><allow send_interface="com.hp.hplip"/> [etc/dbus-1/system.d/com.hp.hplip.conf:9] 9
hplip 3.22.10+dfsg0-5.1 hplip/3.22.10+dfsg0-5.1 warning dbus-policy-without-send-destination <policy at_console="true"><allow send_interface="com.hp.hplip"/> [etc/dbus-1/system.d/com.hp.hplip.conf:6] 9
kauth 5.115.0-2 libkf5auth-data/5.115.0-2 overridden dbus-policy-without-send-destination <policy context="default"><allow send_interface="org.kde.kf5auth"/> [usr/share/dbus-1/system.d/org.kde.kf5auth.conf:1] 1
kf6-kauth 6.6.0-1 libkf6auth-data/6.6.0-1 overridden dbus-policy-without-send-destination <policy context="default"><allow send_interface="org.kde.kf6auth"/> [usr/share/dbus-1/system.d/org.kde.kf6auth.conf:1] 1
network-manager 1.50.0-1 network-manager/1.50.0-1 warning dbus-policy-without-send-destination <policy user="root"><deny send_interface="..." /> [usr/share/dbus-1/system.d/org.freedesktop.NetworkManager.conf:5] 9
network-manager-openconnect 1.2.10-3 network-manager-openconnect/1.2.10-3+b1 warning dbus-policy-without-send-destination <policy user="nm-openconnect"><allow send_interface="org.freedesktop.NetworkManager.VPN.Plugin"/> [usr/share/dbus-1/system.d/nm-openconnect-service.conf:5] 9
policykit-1 125-2 polkitd/125-2 warning dbus-policy-without-send-destination <policy user="polkitd"><allow send_interface="org.freedesktop.PolicyKit1.AuthenticationAgent"/> [usr/share/dbus-1/system.d/org.freedesktop.PolicyKit1.conf:3] 9
repowerd 2023.07-4 repowerd/2023.07-4 overridden dbus-policy-without-send-destination <policy context="default"><allow send_interface="com.lomiri.Repowerd.Settings"/> [etc/dbus-1/system.d/com.lomiri.Repowerd.Settings.conf:3] 8
scanbd 1.5.1-7 scanbd/1.5.1-7+b1 warning dbus-policy-without-send-destination <policy context="default"><allow send_interface="de.kmux.scanbd.server"/> [etc/dbus-1/system.d/scanbd_dbus.conf:5] 9
scanbd 1.5.1-7 scanbd/1.5.1-7+b1 warning dbus-policy-without-send-destination <policy user="saned"><allow send_interface="de.kmux.scanbd.server"/> [etc/dbus-1/system.d/scanbd_dbus.conf:2] 9
sssd 2.9.5-3 sssd-dbus/2.9.5-3+b2 warning dbus-policy-without-send-destination <policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe"/> [usr/share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf:6] 9
sssd 2.9.5-3 sssd-dbus/2.9.5-3+b2 warning dbus-policy-without-send-destination <policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Users"/> [usr/share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf:9] 9
sssd 2.9.5-3 sssd-dbus/2.9.5-3+b2 warning dbus-policy-without-send-destination <policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Groups"/> [usr/share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf:11] 9
sssd 2.9.5-3 sssd-dbus/2.9.5-3+b2 warning dbus-policy-without-send-destination <policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Groups.Group"/> [usr/share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf:12] 9
sssd 2.9.5-3 sssd-dbus/2.9.5-3+b2 warning dbus-policy-without-send-destination <policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Users.User"/> [usr/share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf:10] 9
sssd 2.9.5-3 sssd-dbus/2.9.5-3+b2 warning dbus-policy-without-send-destination <policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Domains.Domain"/> [usr/share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf:8] 9
sssd 2.9.5-3 sssd-dbus/2.9.5-3+b2 warning dbus-policy-without-send-destination <policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Domains"/> [usr/share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf:7] 9
sssd 2.9.5-3 sssd-dbus/2.9.5-3+b2 warning dbus-policy-without-send-destination <policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Cache"/> [usr/share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf:13] 9
sssd 2.9.5-3 sssd-dbus/2.9.5-3+b2 warning dbus-policy-without-send-destination <policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Cache.Object"/> [usr/share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf:14] 9
tcmu 1.5.4-9 tcmu-runner/1.5.4-9 warning dbus-policy-without-send-destination <policy context="default"><allow send_interface="org.kernel.TCMUService1"/> [etc/dbus-1/system.d/tcmu-runner.conf:4] 9
wpa 2:2.10-22 wpasupplicant/2:2.10-22 warning dbus-policy-without-send-destination <policy group="netdev"><allow send_interface="fi.w1.wpa_supplicant1"/> [usr/share/dbus-1/system.d/wpa_supplicant.conf:6] 9
zemberek-server 0.7.1-13 zemberek-server/0.7.1-13 warning dbus-policy-without-send-destination <policy context="default"><allow send_interface="net.zemberekserver.server.dbus.ZemberekDbusInterface"/> [etc/dbus-1/system.d/zemberek-server.conf:2] 1