Fwd: Geoclue & permissions

Dan Williams dcbw at redhat.com
Mon Apr 21 16:50:41 EDT 2014


On Thu, 2014-04-17 at 17:36 +0100, Zeeshan Ali (Khattak) wrote:
> Hi everyone,
> 
> I'm forwarding my short discussion with Jouni about permissions on
> D-Bus interface, as per his suggestion to bring the discussion to this
> list.

I'm probably the one that initially did the restrictions, just because
nobody really needed to use the supplicant as a normal user long ago
when the D-Bus stuff was added.

So D-Bus methods that are read-only and cannot affect the operation of
the interface could certainly be made available to normal users.  That
would include stuff like the properties of the current connection, the
list of scanned access points, etc.

Anything functional should still be restricted to root.  Note that the
supplicant does not do any interesting authentication internally, it
relies on D-Bus permissions checking.  So if there are some read/write
properties that you'd like to allow *reading* by a user, but not
writing, then we'd need to add code to do some internal verification
since the D-Bus permissions are not fine-grained enough for that.

This means I suggest option #3 below.  I cannot think of a great reason
to restrict read-only properties and methods from all users as long as
those methods/properties do not expose private information.

Dan

> Forwarded conversation
> Subject: Geoclue & permissions
> ------------------------
> 
> From: Zeeshan Ali (Khattak) <zeeshanak at gnome.org>
> Date: Thu, Apr 17, 2014 at 4:14 PM
> To: Jouni Malinen <jouni at qca.qualcomm.com>
> 
> 
> Moi Jouni,
> 
> For wifi-geolocation in geoclue project[1], I'm currently using
> NetworkManager for getting list of WiFis in the area. Someone
> suggested that I use wpa_supplicant directly for greater portability
> and adoption so I'm looking into that.
> 
> I see that you have restricted all of your D-Bus API to root user
> only. Geoclue is supposed to typically run as a special user
> ('geoclue') without admin privileges so geoclue can't readily use
> wpa_supplicant.
> 
> I see 3 options:
> 
> 1. Geoclue installs a dbus policy file that gives its user permissions
> on needed API.
> 2. wpa_supplicant gives permissions in its policy file to geoclue user
> specifically.
> 3. wpa_supplicant gives permissions to readonly API (getting list of
> interfaces, BSSs etc) to everyone.
> 
> I'm going to go for #1 for now but keeping in mind that it's likely not
> to work in post-kdbus world, I thought I should consult you on this.
> 
> --
> Regards,
> 
> Zeeshan Ali (Khattak)
> FSF member#5124
> 
> [1] http://www.freedesktop.org/wiki/Software/GeoClue/
> 
> ----------
> From: Jouni Malinen <jouni at qca.qualcomm.com>
> Date: Thu, Apr 17, 2014 at 4:40 PM
> To: "Zeeshan Ali (Khattak)" <zeeshanak at gnome.org>
> 
> 
> On Thu, Apr 17, 2014 at 04:14:35PM +0100, Zeeshan Ali (Khattak) wrote:
> > For wifi-geolocation in geoclue project[1], I'm currently using
> > NetworkManager for getting list of WiFis in the area. Someone
> > suggested that I use wpa_supplicant directly for greater portability
> > and adoption so I'm looking into that.
> >
> > I see that you have restricted all of your D-Bus API to root user
> > only. Geoclue is supposed to typically run as a special user
> > ('geoclue') without admin privileges so geoclue can't readily use
> > wpa_supplicant.
> 
> You may want to bring this up on the hostap mailing list. I did not
> design the D-Bus API or the permissions set in the configuration file
> for this.
> 
> > I see 3 options:
> >
> > 1. Geoclue installs a dbus policy file that gives its user permissions
> > on needed API.
> > 2. wpa_supplicant gives permissions in its policy file to geoclue user
> > specifically.
> > 3. wpa_supplicant gives permissions to readonly API (getting list of
> > interfaces, BSSs etc) to everyone.
> >
> > I'm going to go for #1 for now but keeping in mind that it's likely not
> > to work in post-kdbus world, I thought I should consult you on this.
> 
> I'm not using the D-Bus interface that much myself, but if (3) can be
> done easily and safely, that sounds like a reasonable approach to me.
> Anyway, this should be discussed with the people who use the D-Bus
> interface, so the hostap mailing list would be more appropriate
> destination for this.
> 
> --
> Jouni Malinen                                            PGP id EFC895FA
> 
> 
> 
> 
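Added illustration, not part of the original thread and not taken from the wpa_supplicant sources: a system-bus policy fragment sketching what option #3 could look like, with root keeping full access and every other user limited to property reads. It assumes the service's bus name is fi.w1.wpa_supplicant1 and that the read-only data is reached through the standard org.freedesktop.DBus.Properties Get and GetAll calls.

```xml
<!DOCTYPE busconfig PUBLIC
 "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
  <!-- root keeps full control: owning the name and calling every method -->
  <policy user="root">
    <allow own="fi.w1.wpa_supplicant1"/>
    <allow send_destination="fi.w1.wpa_supplicant1"/>
  </policy>

  <policy context="default">
    <!-- Baseline for all other users: no method calls to the service -->
    <deny own="fi.w1.wpa_supplicant1"/>
    <deny send_destination="fi.w1.wpa_supplicant1"/>

    <!-- Option 3: within a policy the last matching rule wins, so these
         two rules re-open only the property read calls. Properties.Set
         and every functional method still hit the deny rule above. -->
    <allow send_destination="fi.w1.wpa_supplicant1"
           send_interface="org.freedesktop.DBus.Properties"
           send_member="Get"/>
    <allow send_destination="fi.w1.wpa_supplicant1"
           send_interface="org.freedesktop.DBus.Properties"
           send_member="GetAll"/>

    <!-- Limit of this approach: rules match on destination, interface and
         member, never on message arguments. The bus cannot see WHICH
         property a Get names, so this opens every property on every
         object for reading. Anything exposing private information, or
         any per-property read/write split, has to be enforced by a check
         inside the service itself. -->
  </policy>
</busconfig>
```

After installing such a fragment, a check worth running is to call Properties.Set and one functional method as an unprivileged user and confirm both are rejected by the bus with an access-denied error.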



