moused86799
2012-Sep-26 11:47 UTC
Vulnerability - moused dependency on dbus-daemon - how to get rid of DBUS?
one way of attacking the OS
1.search the lists
http://lists.freebsd.org/pipermail/freebsd-questions/2012-May/241042.html
2.)mouse intermittent works if problem with dbus-daemon
3.)analyze - dbus-daemon is a 'relatively unknown' and extra DEPENDENCY of moused
4.)set kern.securelevel=333
5.)interrupt control of moused
root /usr/sbin/moused -F 200 -A 1.5.2.0 -a 0.7 -r high -V -p /dev/psm0 -t auto
6.)alt to port /dev/psm0 - not completed

so, how can anything dbus be ELIMINATED from the OS?

*details using dtpstree

init-+-adjkerntz
     |-console-kit-daemon
     |-devd
     |-moused
     |-dbus-daemon
     |-polkitd
     |-swapexd
     |-7*[getty]
     |-gpg-agent
     |-2*[gam_server]
     |-login---shell--sh---xinit-+-Xorg
     |                           `-fluxbox-+-terminal
     |-***network

question: how can dbus or dbus-daemon be eliminated from the basic OS configuration for a developer workstation?

Thank you.
David Wolfskill
2012-Sep-26 12:16 UTC
Vulnerability - moused dependency on dbus-daemon - how to get rid of DBUS?
On Tue, Sep 25, 2012 at 09:40:20PM -0700, moused86799 wrote:
> one way of attacking the OS
> 1.search the lists
> http://lists.freebsd.org/pipermail/freebsd-questions/2012-May/241042.html
> 2.)mouse intermittent works if problem with dbus-daemon
> 3.)analyze - dbus-daemon is a 'relatively unknown' and extra DEPENDENCY
> of moused

Errr... Perhaps in your configuration; perhaps also in (some) others'. But moused is part of base FreeBSD, while dbus* is not. So it is certainly possible to run moused without dbus-daemon.

But as a somewhat more constructive demonstration:

g1-227(10.0-C)[1] ps axwwl | egrep 'moused|dbus'
   0 1461    1 0 20 0 10076 9840 select Ss   - 0:00.10 /usr/sbin/moused -a 2.7 -p /dev/psm0 -t auto
1001 7579 1855 0 21 0 10148 9280 -      RL+  7 0:00.01 egrep moused|dbus
g1-227(10.0-C)[2]

That's from my laptop, running X. While I have dbus-1.4.14_4 & dbus-glib-0.94 installed (as they are listed as dependencies for some other ports I have installed), I decline to use them.

> 4.)set kern.securelevel=333
> 5.)interrupt control of moused
> root /usr/sbin/moused -F 200 -A 1.5.2.0 -a 0.7 -r high -V -p /dev/psm0 -t
> auto
> 6.)alt to port /dev/psm0 - not completed

Errr... Everything you're doing there already requires eUID 0 access, so I'm not sure what your concern really is.

> so, how can anything dbus be ELIMINATED from the OS?

g1-227(10.0-C)[8] grep dbus /etc/rc.conf*
g1-227(10.0-C)[9]

> ...
> question: how can dbus or dbus-daemon be eliminated from the basic OS
> configuration for a developer workstation?

Well, I believe my laptop is configured in a way that meets the stated criteria. (It has a local private mirror of the FreeBSD src, ports, & doc SVN repositories, and I track stable/9 & head on it, daily.)

About the only point that comes to mind that I haven't already pointed out is the addition of a stanza:

Section "ServerFlags"
    Option "AutoAddDevices" "False"
EndSection

to xorg.conf -- though there are other ways to accomplish that, as well (IIRC).

Of course, I avoid these fancy "desktop environment" things; the window manager I use descends rather directly from twm (and looks like it), but it works for me (even though I know of only 2 other folks who I have seen use it -- one of whom is my spouse).

Peace,
david
--
David H. Wolfskill david@catwhisker.org
Depriving a girl or boy of an opportunity for education is evil.

See http://www.catwhisker.org/~david/publickey.gpg for my public key.