Lintian tag: dbus-policy-without-send-destination

Lintian tag: dbus-policy-without-send-destination

Type: warning

Description (from lintian-explain-tags)

The package contains D-Bus policy configuration that uses one of the
send_* conditions, but does not specify a send_destination, and is not
specific to root.

Rules of the form

<allow send_interface="com.example.MyInterface"/>

allow messages with the given interface to be sent to *any* service, not
just the one installing the rule, which is rarely what was intended.

Similarly, on the system bus, rules of the form

<deny send_interface="com.example.MyInterface"/>

are redundant with the system bus's default-deny policy, and have
unintended effects on other services.

This check ignores rules of the form

<policy user="root">
<allow ... />
</policy>

which are commonly used for the "agent" pattern seen in services like
BlueZ and NetworkManager: a root-privileged daemon calls out to one or
more per-user user interface agent processes with no specific name, so
send_destination is not easily applicable. However, such rules should
still be made as specific as possible to avoid undesired side-effects.

Please refer to https://bugs.freedesktop.org/show_bug.cgi?id=18961 and
http://lists.freedesktop.org/archives/dbus/2008-February/009401.html for
details.

Visibility: warning
Show-Always: no
Check: desktop/dbus

Affected packages

source	version	binary	level	tag	count	information
biometryd	0.3.1-5	biometryd-bin/0.3.1-5	warning	dbus-policy-without-send-destination	9	<policy context="default"><allow send_interface="com.ubports.biometryd.Service"/> [etc/dbus-1/system.d/com.ubports.biometryd.Service.conf:22]
biometryd	0.3.1-5	biometryd-bin/0.3.1-5	warning	dbus-policy-without-send-destination	9	<policy context="default"><allow send_interface="com.ubports.biometryd.Operation.Observer"/> [etc/dbus-1/system.d/com.ubports.biometryd.Service.conf:27]
biometryd	0.3.1-5	biometryd-bin/0.3.1-5	warning	dbus-policy-without-send-destination	9	<policy context="default"><allow send_interface="com.ubports.biometryd.TemplateStore"/> [etc/dbus-1/system.d/com.ubports.biometryd.Service.conf:25]
biometryd	0.3.1-5	biometryd-bin/0.3.1-5	warning	dbus-policy-without-send-destination	9	<policy context="default"><allow send_interface="com.ubports.biometryd.Device"/> [etc/dbus-1/system.d/com.ubports.biometryd.Service.conf:23]
biometryd	0.3.1-5	biometryd-bin/0.3.1-5	warning	dbus-policy-without-send-destination	9	<policy context="default"><allow send_interface="com.ubports.biometryd.Operation"/> [etc/dbus-1/system.d/com.ubports.biometryd.Service.conf:26]
biometryd	0.3.1-5	biometryd-bin/0.3.1-5	warning	dbus-policy-without-send-destination	9	<policy context="default"><allow send_interface="com.ubports.biometryd.Identifier"/> [etc/dbus-1/system.d/com.ubports.biometryd.Service.conf:24]
geoclue-2.0	2.7.2-2	geoclue-2.0/2.7.2-2	warning	dbus-policy-without-send-destination	9	<policy user="geoclue"><allow send_interface="org.freedesktop.GeoClue2.Agent" send_path="/org/freedesktop/GeoClue2/Agent"/> [usr/share/dbus-1/system.d/org.freedesktop.GeoClue2.Agent.conf:1]
geoclue-2.0	2.7.2-2	geoclue-2.0/2.7.2-2	warning	dbus-policy-without-send-destination	9	<policy user="geoclue"><allow send_interface="org.freedesktop.DBus.Properties" send_path="/org/freedesktop/GeoClue2/Agent"/> [usr/share/dbus-1/system.d/org.freedesktop.GeoClue2.Agent.conf:2]
hplip	3.22.10+dfsg0-8	hplip/3.22.10+dfsg0-8	warning	dbus-policy-without-send-destination	9	<policy at_console="true"><allow send_interface="com.hp.hplip"/> [usr/share/dbus-1/system.d/com.hp.hplip.conf:6]
hplip	3.22.10+dfsg0-8	hplip/3.22.10+dfsg0-8	warning	dbus-policy-without-send-destination	9	<policy context="default"><allow send_interface="com.hp.hplip"/> [usr/share/dbus-1/system.d/com.hp.hplip.conf:9]
kauth	5.115.0-2	libkf5auth-data/5.115.0-2	overridden	dbus-policy-without-send-destination	1	<policy context="default"><allow send_interface="org.kde.kf5auth"/> [usr/share/dbus-1/system.d/org.kde.kf5auth.conf:1]
kf6-kauth	6.11.0-1	libkf6auth-data/6.11.0-1	overridden	dbus-policy-without-send-destination	1	<policy context="default"><allow send_interface="org.kde.kf6auth"/> [usr/share/dbus-1/system.d/org.kde.kf6auth.conf:1]
lomiri-location-service	3.3.0-2	lomiri-location-service-bin/3.3.0-2	warning	dbus-policy-without-send-destination	5	<policy context="default"><allow send_interface="com.lomiri.location.Service"/> [usr/share/dbus-1/system.d/com.lomiri.location.Service.conf:13]
lomiri-location-service	3.3.0-2	lomiri-location-service-bin/3.3.0-2	warning	dbus-policy-without-send-destination	5	<policy context="default"><allow send_interface="com.lomiri.location.Service.Session"/> [usr/share/dbus-1/system.d/com.lomiri.location.Service.conf:14]
lomiri-location-service	3.3.0-2	lomiri-location-service-bin/3.3.0-2	warning	dbus-policy-without-send-destination	5	<policy context="default"><allow send_interface="core.trust.dbus.AgentRegistry"/> [usr/share/dbus-1/system.d/com.lomiri.location.Service.conf:15]
network-manager	1.52.0-5	network-manager/1.52.0-5	warning	dbus-policy-without-send-destination	7	<policy user="root"><deny send_interface="..." /> [usr/share/dbus-1/system.d/org.freedesktop.NetworkManager.conf:5]
network-manager-openconnect	1.2.10-3	network-manager-openconnect/1.2.10-3+b1	warning	dbus-policy-without-send-destination	8	<policy user="nm-openconnect"><allow send_interface="org.freedesktop.NetworkManager.VPN.Plugin"/> [usr/share/dbus-1/system.d/nm-openconnect-service.conf:5]
network-manager-openconnect	1.2.10-3	network-manager-openconnect/1.2.10-3+b2	warning	dbus-policy-without-send-destination	1	<policy user="nm-openconnect"><allow send_interface="org.freedesktop.NetworkManager.VPN.Plugin"/> [usr/share/dbus-1/system.d/nm-openconnect-service.conf:5]
policykit-1	126-2	polkitd/126-2	warning	dbus-policy-without-send-destination	9	<policy user="polkitd"><allow send_interface="org.freedesktop.PolicyKit1.AuthenticationAgent"/> [usr/share/dbus-1/system.d/org.freedesktop.PolicyKit1.conf:3]
repowerd	2023.07-4	repowerd/2023.07-4	overridden	dbus-policy-without-send-destination	7	<policy context="default"><allow send_interface="com.lomiri.Repowerd.Settings"/> [etc/dbus-1/system.d/com.lomiri.Repowerd.Settings.conf:3]
repowerd	2023.07-4	repowerd/2023.07-4+b1	overridden	dbus-policy-without-send-destination	1	<policy context="default"><allow send_interface="com.lomiri.Repowerd.Settings"/> [etc/dbus-1/system.d/com.lomiri.Repowerd.Settings.conf:3]
scanbd	1.5.1-7	scanbd/1.5.1-7+b1	warning	dbus-policy-without-send-destination	8	<policy context="default"><allow send_interface="de.kmux.scanbd.server"/> [etc/dbus-1/system.d/scanbd_dbus.conf:5]
scanbd	1.5.1-7	scanbd/1.5.1-7+b1	warning	dbus-policy-without-send-destination	8	<policy user="saned"><allow send_interface="de.kmux.scanbd.server"/> [etc/dbus-1/system.d/scanbd_dbus.conf:2]
scanbd	1.5.1-7	scanbd/1.5.1-7+b2	warning	dbus-policy-without-send-destination	1	<policy user="saned"><allow send_interface="de.kmux.scanbd.server"/> [etc/dbus-1/system.d/scanbd_dbus.conf:2]
scanbd	1.5.1-7	scanbd/1.5.1-7+b2	warning	dbus-policy-without-send-destination	1	<policy context="default"><allow send_interface="de.kmux.scanbd.server"/> [etc/dbus-1/system.d/scanbd_dbus.conf:5]
sssd	2.10.1-2	sssd-dbus/2.10.1-2+b1	warning	dbus-policy-without-send-destination	9	<policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Domains"/> [usr/share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf:7]
sssd	2.10.1-2	sssd-dbus/2.10.1-2+b1	warning	dbus-policy-without-send-destination	9	<policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Groups.Group"/> [usr/share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf:12]
sssd	2.10.1-2	sssd-dbus/2.10.1-2+b1	warning	dbus-policy-without-send-destination	9	<policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Domains.Domain"/> [usr/share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf:8]
sssd	2.10.1-2	sssd-dbus/2.10.1-2+b1	warning	dbus-policy-without-send-destination	9	<policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Cache"/> [usr/share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf:13]
sssd	2.10.1-2	sssd-dbus/2.10.1-2+b1	warning	dbus-policy-without-send-destination	9	<policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Cache.Object"/> [usr/share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf:14]
sssd	2.10.1-2	sssd-dbus/2.10.1-2+b1	warning	dbus-policy-without-send-destination	9	<policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Users.User"/> [usr/share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf:10]
sssd	2.10.1-2	sssd-dbus/2.10.1-2+b1	warning	dbus-policy-without-send-destination	9	<policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Users"/> [usr/share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf:9]
sssd	2.10.1-2	sssd-dbus/2.10.1-2+b1	warning	dbus-policy-without-send-destination	9	<policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe"/> [usr/share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf:6]
sssd	2.10.1-2	sssd-dbus/2.10.1-2+b1	warning	dbus-policy-without-send-destination	9	<policy context="default"><allow send_interface="org.freedesktop.sssd.infopipe.Groups"/> [usr/share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf:11]
tcmu	1.5.4-9	tcmu-runner/1.5.4-9	warning	dbus-policy-without-send-destination	8	<policy context="default"><allow send_interface="org.kernel.TCMUService1"/> [etc/dbus-1/system.d/tcmu-runner.conf:4]
tcmu	1.5.4-9	tcmu-runner/1.5.4-9+b1	warning	dbus-policy-without-send-destination	1	<policy context="default"><allow send_interface="org.kernel.TCMUService1"/> [etc/dbus-1/system.d/tcmu-runner.conf:4]
wpa	2:2.10-22	wpasupplicant/2:2.10-22	warning	dbus-policy-without-send-destination	9	<policy group="netdev"><allow send_interface="fi.w1.wpa_supplicant1"/> [usr/share/dbus-1/system.d/wpa_supplicant.conf:6]
zemberek-server	0.7.1-14	zemberek-server/0.7.1-14	warning	dbus-policy-without-send-destination	1	<policy context="default"><allow send_interface="net.zemberekserver.server.dbus.ZemberekDbusInterface"/> [etc/dbus-1/system.d/zemberek-server.conf:2]