Date:      Wed, 26 Sep 2012 05:16:16 -0700
From:      David Wolfskill <david@catwhisker.org>
To:        moused86799 <mousedz23499@workoblue.33mail.com>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Vulnerability - moused dependency on dbus-daemon - how to get rid of DBUS?
Message-ID:  <20120926121616.GA1645@albert.catwhisker.org>
In-Reply-To: <1348634420023-5746974.post@n5.nabble.com>
References:  <1348634420023-5746974.post@n5.nabble.com>


On Tue, Sep 25, 2012 at 09:40:20PM -0700, moused86799 wrote:
> one way of attacking the OS
> 1.search the lists
> http://lists.freebsd.org/pipermail/freebsd-questions/2012-May/241042.html
> 2.)mouse intermittent works if problem with dbus-daemon
> 3.)analyze - dbus-daemon is a 'relatively unknown' and extra DEPENDENCY
> of moused

Errr...  Perhaps in your configuration; perhaps also in (some) others'.
But moused is part of base FreeBSD, while dbus* is not.  So it is
certainly possible to run moused without dbus-daemon.

But as a somewhat more constructive demonstration:

g1-227(10.0-C)[1] ps axwwl | egrep 'moused|dbus'
   0 1461    1   0  20  0  10076  9840 select   Ss    -  0:00.10 /usr/sbin/moused -a 2.7 -p /dev/psm0 -t auto
1001 7579 1855   0  21  0  10148  9280 -        RL+   7  0:00.01 egrep moused|dbus
g1-227(10.0-C)[2]

That's from my laptop, running X.  While I have dbus-1.4.14_4 &
dbus-glib-0.94 installed (as they are listed as dependencies for
some other ports I have installed), I decline to use them.

> 4.)set kern.securelevel=333
> 5.)interrupt control of moused
> root /usr/sbin/moused -F 200 -A 1.5.2.0 -a 0.7 -r high -V -p /dev/psm0 -t
> auto
> 6.)alt to port /dev/psm0 - not completed

Errr... Everything you're doing there already requires eUID 0 access,
so I'm not sure what your concern really is.

> so, how can anything dbus be ELIMINATED from the OS?

g1-227(10.0-C)[8] grep dbus /etc/rc.conf*
g1-227(10.0-C)[9]

> ...
> question: how can dbus or dbus-daemon be eliminated from the basic OS
> configuration for a developer workstation?

Well, I believe my laptop is configured in a way that meets the
stated criteria.  (It has a local private mirror of the FreeBSD
src, ports, & doc SVN repositories, and I track stable/9 & head
on it, daily.)  About the only point that comes to mind that I
haven't already pointed out is the addition of a stanza:

Section "ServerFlags"
    Option         "AutoAddDevices" "False"
EndSection

to xorg.conf -- though there are other ways to accomplish that, as
well (IIRC).

Of course, I avoid these fancy "desktop environment" things; the
window manager I use descends rather directly from twm (and looks
like it), but it works for me (even though I know of only 2 other
folks who I have seen use it -- one of whom is my spouse).

Peace,
david
--
David H. Wolfskill				david@catwhisker.org
Depriving a girl or boy of an opportunity for education is evil.

See http://www.catwhisker.org/~david/publickey.gpg for my public key.
