* Do not start mpris-proxy for root user
From: Antonio Russo @ 2025-01-26 15:04 UTC
To: linux-bluetooth
Hello,
A default installation of bluez results in the systemd user unit
mpris-proxy.service being started for all users---including root.
This unnecessarily exposes root to any security vulnerability in
mpris-proxy.
Please consider the following trivial patch that changes this
default behavior.
Best,
Antonio Russo
From d9e02494e661109607c073968fa352c1397a1ffb Mon Sep 17 00:00:00 2001
From: Antonio Enrico Russo <aerusso@aerusso.net>
Date: Sun, 26 Jan 2025 08:00:26 -0700
Subject: [PATCH] Do not start mpris-proxy for root user
A default installation of bluez results in the systemd user unit
mpris-proxy.service being started for all users---including root.
This unnecessarily exposes root to any security vulnerability in
mpris-proxy.
Inhibit this default behavior by using ConditionUser=!root.
Signed-off-by: Antonio Enrico Russo <aerusso@aerusso.net>
---
tools/mpris-proxy.service.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/mpris-proxy.service.in b/tools/mpris-proxy.service.in
index 5307490..118ed6e 100644
--- a/tools/mpris-proxy.service.in
+++ b/tools/mpris-proxy.service.in
@@ -4,6 +4,7 @@ Documentation=man:mpris-proxy(1)
Wants=dbus.socket
After=dbus.socket
+ConditionUser=!root
[Service]
Type=simple
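Review bot: "ConditionUser=!root", added after "After=dbus.socket", excludes only the root account, so the user manager of every other system account still starts mpris-proxy and keeps the exposure the commit message sets out to remove. ConditionUser= also accepts the special value "@system", which matches any UID in the system range, root included; consider "ConditionUser=!@system" unless some system account is known to need the proxy.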
--
2.48.1
* Re: Do not start mpris-proxy for root user
From: Salvatore Bonaccorso @ 2025-05-17 13:12 UTC
To: Antonio Russo, Guido Günther, Andrew Sayers,
Luiz Augusto von Dentz
Cc: linux-bluetooth
On Sun, Jan 26, 2025 at 08:04:27AM -0700, Antonio Russo wrote:
> Hello,
>
> A default installation of bluez results in the systemd user unit
> mpris-proxy.service being started for all users---including root.
> This unnecessarily exposes root to any security vulnerability in
> mpris-proxy.
>
> Please consider the following trivial patch that changes this
> default behavior.
>
> Best,
> Antonio Russo
>
>
> From d9e02494e661109607c073968fa352c1397a1ffb Mon Sep 17 00:00:00 2001
> From: Antonio Enrico Russo <aerusso@aerusso.net>
> Date: Sun, 26 Jan 2025 08:00:26 -0700
> Subject: [PATCH] Do not start mpris-proxy for root user
>
> A default installation of bluez results in the systemd user unit
> mpris-proxy.service being started for all users---including root.
> This unnecessarily exposes root to any security vulnerability in
> mpris-proxy.
>
> Inhibit this default behavior by using ConditionUser=!root.
>
> Signed-off-by: Antonio Enrico Russo <aerusso@aerusso.net>
> ---
> tools/mpris-proxy.service.in | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/tools/mpris-proxy.service.in b/tools/mpris-proxy.service.in
> index 5307490..118ed6e 100644
> --- a/tools/mpris-proxy.service.in
> +++ b/tools/mpris-proxy.service.in
> @@ -4,6 +4,7 @@ Documentation=man:mpris-proxy(1)
> Wants=dbus.socket
> After=dbus.socket
> +ConditionUser=!root
> [Service]
> Type=simple
> --
> 2.48.1
Looping in all primary involved people for adding or touching the
systemd unit file. Luiz, Guido and Andrew, any opinion on the proposed
change?
For reference as well discussed in downstream Debian in
https://bugs.debian.org/1094257
Regards,
Salvatore
* Re: Do not start mpris-proxy for root user
From: Guido Günther @ 2025-05-17 14:06 UTC
To: Salvatore Bonaccorso
Cc: Antonio Russo, Andrew Sayers, Luiz Augusto von Dentz,
linux-bluetooth
Hi,
On Sat, May 17, 2025 at 03:12:47PM +0200, Salvatore Bonaccorso wrote:
> On Sun, Jan 26, 2025 at 08:04:27AM -0700, Antonio Russo wrote:
> > Hello,
> >
> > A default installation of bluez results in the systemd user unit
> > mpris-proxy.service being started for all users---including root.
> > This unnecessarily exposes root to any security vulnerability in
> > mpris-proxy.
> >
> > Please consider the following trivial patch that changes this
> > default behavior.
> >
> > Best,
> > Antonio Russo
> >
> >
> > From d9e02494e661109607c073968fa352c1397a1ffb Mon Sep 17 00:00:00 2001
> > From: Antonio Enrico Russo <aerusso@aerusso.net>
> > Date: Sun, 26 Jan 2025 08:00:26 -0700
> > Subject: [PATCH] Do not start mpris-proxy for root user
> >
> > A default installation of bluez results in the systemd user unit
> > mpris-proxy.service being started for all users---including root.
> > This unnecessarily exposes root to any security vulnerability in
> > mpris-proxy.
> >
> > Inhibit this default behavior by using ConditionUser=!root.
> >
> > Signed-off-by: Antonio Enrico Russo <aerusso@aerusso.net>
> > ---
> > tools/mpris-proxy.service.in | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/tools/mpris-proxy.service.in b/tools/mpris-proxy.service.in
> > index 5307490..118ed6e 100644
> > --- a/tools/mpris-proxy.service.in
> > +++ b/tools/mpris-proxy.service.in
> > @@ -4,6 +4,7 @@ Documentation=man:mpris-proxy(1)
> > Wants=dbus.socket
> > After=dbus.socket
> > +ConditionUser=!root
> > [Service]
> > Type=simple
> > --
> > 2.48.1
>
> Looping in all primary involved people for adding or touching the
> systemd unit file. Luiz, Guido and Andrew, any opinion on the proposed
> change?
E.g. pipewire does the same, this makes sense to me.
Reviewed-by: Guido Günther <agx@sigxcpu.org>
Cheers,
-- Guido
>
> For reference as well discussed in downstream Debian in
> https://bugs.debian.org/1094257
>
> Regards,
> Salvatore
>
* Re: Do not start mpris-proxy for root user
From: Andrew Sayers @ 2025-05-18 13:12 UTC
To: Salvatore Bonaccorso
Cc: Antonio Russo, Guido Günther, Luiz Augusto von Dentz,
linux-bluetooth
On Sat, May 17, 2025 at 03:12:47PM +0200, Salvatore Bonaccorso wrote:
> On Sun, Jan 26, 2025 at 08:04:27AM -0700, Antonio Russo wrote:
> > Hello,
> >
> > A default installation of bluez results in the systemd user unit
> > mpris-proxy.service being started for all users---including root.
> > This unnecessarily exposes root to any security vulnerability in
> > mpris-proxy.
> >
> > Please consider the following trivial patch that changes this
> > default behavior.
> >
> > Best,
> > Antonio Russo
> >
> >
> > From d9e02494e661109607c073968fa352c1397a1ffb Mon Sep 17 00:00:00 2001
> > From: Antonio Enrico Russo <aerusso@aerusso.net>
> > Date: Sun, 26 Jan 2025 08:00:26 -0700
> > Subject: [PATCH] Do not start mpris-proxy for root user
> >
> > A default installation of bluez results in the systemd user unit
> > mpris-proxy.service being started for all users---including root.
> > This unnecessarily exposes root to any security vulnerability in
> > mpris-proxy.
> >
> > Inhibit this default behavior by using ConditionUser=!root.
> >
> > Signed-off-by: Antonio Enrico Russo <aerusso@aerusso.net>
> > ---
> > tools/mpris-proxy.service.in | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/tools/mpris-proxy.service.in b/tools/mpris-proxy.service.in
> > index 5307490..118ed6e 100644
> > --- a/tools/mpris-proxy.service.in
> > +++ b/tools/mpris-proxy.service.in
> > @@ -4,6 +4,7 @@ Documentation=man:mpris-proxy(1)
> > Wants=dbus.socket
> > After=dbus.socket
> > +ConditionUser=!root
> > [Service]
> > Type=simple
> > --
> > 2.48.1
>
> Looping in all primary involved people for adding or touching the
> systemd unit file. Luiz, Guido and Andrew, any opinion on the proposed
> change?
It sounds like the same logic would apply to all system accounts.
Would "ConditionUser=!@system" make more sense? For details, see
https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#ConditionUser=
>
> For reference as well discussed in downstream Debian in
> https://bugs.debian.org/1094257
>
> Regards,
> Salvatore
>
>
* Re: Do not start mpris-proxy for root user
From: Salvatore Bonaccorso @ 2025-05-31 8:20 UTC
To: Andrew Sayers
Cc: Antonio Russo, Guido Günther, Luiz Augusto von Dentz,
linux-bluetooth
Hi,
On Sun, May 18, 2025 at 02:12:41PM +0100, Andrew Sayers wrote:
> On Sat, May 17, 2025 at 03:12:47PM +0200, Salvatore Bonaccorso wrote:
> > On Sun, Jan 26, 2025 at 08:04:27AM -0700, Antonio Russo wrote:
> > > Hello,
> > >
> > > A default installation of bluez results in the systemd user unit
> > > mpris-proxy.service being started for all users---including root.
> > > This unnecessarily exposes root to any security vulnerability in
> > > mpris-proxy.
> > >
> > > Please consider the following trivial patch that changes this
> > > default behavior.
> > >
> > > Best,
> > > Antonio Russo
> > >
> > >
> > > From d9e02494e661109607c073968fa352c1397a1ffb Mon Sep 17 00:00:00 2001
> > > From: Antonio Enrico Russo <aerusso@aerusso.net>
> > > Date: Sun, 26 Jan 2025 08:00:26 -0700
> > > Subject: [PATCH] Do not start mpris-proxy for root user
> > >
> > > A default installation of bluez results in the systemd user unit
> > > mpris-proxy.service being started for all users---including root.
> > > This unnecessarily exposes root to any security vulnerability in
> > > mpris-proxy.
> > >
> > > Inhibit this default behavior by using ConditionUser=!root.
> > >
> > > Signed-off-by: Antonio Enrico Russo <aerusso@aerusso.net>
> > > ---
> > > tools/mpris-proxy.service.in | 1 +
> > > 1 file changed, 1 insertion(+)
> > >
> > > diff --git a/tools/mpris-proxy.service.in b/tools/mpris-proxy.service.in
> > > index 5307490..118ed6e 100644
> > > --- a/tools/mpris-proxy.service.in
> > > +++ b/tools/mpris-proxy.service.in
> > > @@ -4,6 +4,7 @@ Documentation=man:mpris-proxy(1)
> > > Wants=dbus.socket
> > > After=dbus.socket
> > > +ConditionUser=!root
> > > [Service]
> > > Type=simple
> > > --
> > > 2.48.1
> >
> > Looping in all primary involved people for adding or touching the
> > systemd unit file. Luiz, Guido and Andrew, any opinion on the proposed
> > change?
>
> It sounds like the same logic would apply to all system accounts.
> Would "ConditionUser=!@system" make more sense? For details, see
> https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#ConditionUser=
Guido, what is your take here? The suggestion sounds sensible to me.
wonder how we can best move forward here, to have it then as well
resolved downstream.
Regards,
Salvatore
* Re: Do not start mpris-proxy for root user
From: Guido Günther @ 2025-05-31 18:17 UTC
To: Salvatore Bonaccorso
Cc: Andrew Sayers, Antonio Russo, Luiz Augusto von Dentz,
linux-bluetooth
Hi,
On Sat, May 31, 2025 at 10:20:43AM +0200, Salvatore Bonaccorso wrote:
> Hi,
>
> On Sun, May 18, 2025 at 02:12:41PM +0100, Andrew Sayers wrote:
> > On Sat, May 17, 2025 at 03:12:47PM +0200, Salvatore Bonaccorso wrote:
> > > On Sun, Jan 26, 2025 at 08:04:27AM -0700, Antonio Russo wrote:
> > > > Hello,
> > > >
> > > > A default installation of bluez results in the systemd user unit
> > > > mpris-proxy.service being started for all users---including root.
> > > > This unnecessarily exposes root to any security vulnerability in
> > > > mpris-proxy.
> > > >
> > > > Please consider the following trivial patch that changes this
> > > > default behavior.
> > > >
> > > > Best,
> > > > Antonio Russo
> > > >
> > > >
> > > > From d9e02494e661109607c073968fa352c1397a1ffb Mon Sep 17 00:00:00 2001
> > > > From: Antonio Enrico Russo <aerusso@aerusso.net>
> > > > Date: Sun, 26 Jan 2025 08:00:26 -0700
> > > > Subject: [PATCH] Do not start mpris-proxy for root user
> > > >
> > > > A default installation of bluez results in the systemd user unit
> > > > mpris-proxy.service being started for all users---including root.
> > > > This unnecessarily exposes root to any security vulnerability in
> > > > mpris-proxy.
> > > >
> > > > Inhibit this default behavior by using ConditionUser=!root.
> > > >
> > > > Signed-off-by: Antonio Enrico Russo <aerusso@aerusso.net>
> > > > ---
> > > > tools/mpris-proxy.service.in | 1 +
> > > > 1 file changed, 1 insertion(+)
> > > >
> > > > diff --git a/tools/mpris-proxy.service.in b/tools/mpris-proxy.service.in
> > > > index 5307490..118ed6e 100644
> > > > --- a/tools/mpris-proxy.service.in
> > > > +++ b/tools/mpris-proxy.service.in
> > > > @@ -4,6 +4,7 @@ Documentation=man:mpris-proxy(1)
> > > > Wants=dbus.socket
> > > > After=dbus.socket
> > > > +ConditionUser=!root
> > > > [Service]
> > > > Type=simple
> > > > --
> > > > 2.48.1
> > >
> > > Looping in all primary involved people for adding or touching the
> > > systemd unit file. Luiz, Guido and Andrew, any opinion on the proposed
> > > change?
> >
> > It sounds like the same logic would apply to all system accounts.
> > Would "ConditionUser=!@system" make more sense? For details, see
> > https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#ConditionUser=
>
> Guido, what is your take here? The suggestion sounds sensible to me.
Sounds good to me. The system users include users running the login
managers which can have more components on e.g. mobile (for emergency
calls, etc) but I don't think they'd need the mpris-proxy.
> wonder how we can best move forward here, to have it then as well
> resolved downstream.
I *think* the patch needs a respin by Antonio and once applied we could
cherry-pick to Debian?
Cheers,
-- Guido
>
> Regards,
> Salvatore
>
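The difference between the two conditions discussed in this thread, "ConditionUser=!root" and the "ConditionUser=!@system" suggested for system accounts such as login-manager users, worked through as an added example (not code from BlueZ, systemd or any participant in the thread). It models systemd's check in Python; the 999 system-UID boundary, the sample accounts (gdm, alice) and all function names are assumptions, and the unit text is rebuilt from the lines visible in the patches.

```python
"""Model how systemd evaluates ConditionUser= for the mpris-proxy user unit."""
from dataclasses import dataclass

# Assumption: the top of systemd's system UID range is a build-time setting;
# 999 is a common distribution value and is not stated in the thread.
SYSTEM_UID_MAX = 999


@dataclass(frozen=True)
class Account:
    name: str
    uid: int


# Constructed sample accounts: root, a login-manager system user, a human user.
SAMPLE_ACCOUNTS = (Account("root", 0), Account("gdm", 120), Account("alice", 1000))

# Unit text rebuilt from the lines visible in the patches; {condition} is the
# line under review.
UNIT_TEMPLATE = """\
[Unit]
Documentation=man:mpris-proxy(1)
Wants=dbus.socket
After=dbus.socket dbus.service
{condition}

[Service]
Type=simple
"""


def parse_condition_user(unit_text):
    """Return the ConditionUser= values in [Unit], honouring empty-value resets."""
    values, section = [], None
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        if section == "Unit" and sep and key.strip() == "ConditionUser":
            value = value.strip()
            if value:
                values.append(value)
            else:
                values.clear()  # an empty assignment resets the condition list
    return values


def matches(spec, account):
    """True if the account is the one named by spec (UID, name or @system)."""
    if spec == "@system":
        return account.uid <= SYSTEM_UID_MAX
    if spec.isascii() and spec.isdigit():
        return account.uid == int(spec)
    # Simplification: systemd also resolves the name to a UID and compares that.
    return account.name == spec


def unit_would_start(unit_text, account):
    """All regular conditions must hold, plus at least one "|" trigger if any exist."""
    regular_ok, triggers = True, []
    for value in parse_condition_user(unit_text):
        is_trigger = value.startswith("|")
        value = value[1:] if is_trigger else value
        negate = value.startswith("!")
        value = value[1:] if negate else value
        result = matches(value, account) != negate
        if is_trigger:
            triggers.append(result)
        else:
            regular_ok = regular_ok and result
    return regular_ok and (not triggers or any(triggers))


def audit(condition_line):
    """Map each sample account to whether its user manager would start the unit."""
    unit = UNIT_TEMPLATE.format(condition=condition_line)
    return {a.name: unit_would_start(unit, a) for a in SAMPLE_ACCOUNTS}


if __name__ == "__main__":
    for cond in ("", "ConditionUser=!root", "ConditionUser=!@system"):
        print(f"{cond or '(no condition)':28} {audit(cond)}")
```

On a live system, the same question can be answered per account by checking the unit's condition result in that user's service manager.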
* Re: Do not start mpris-proxy for root user
From: Antonio Russo @ 2025-06-02 0:29 UTC
To: linux-bluetooth
Cc: Andrew Sayers, Luiz Augusto von Dentz, Salvatore Bonaccorso,
Guido Günther
On 2025-05-31 12:17, Guido Günther wrote:
>
> Sounds good to me. The system users include users running the login
> managers which can have more components on e.g. mobile (for emergency
> calls, etc) but I don't think they'd need the mpris-proxy.
>
>> wonder how we can best move forward here, to have it then as well
>> resolved downstream.
>
> I *think* the patch needs a respin by Antonio and once applied we could
> cherry-pick to Debian?
Here's an updated version of the patch with the @system condition.
I do not know how to properly acknowledge Andrew Sayers, so please add
whatever trailer is appropriate for that.
From eabbcf86ddfff98bf15b32e65c8d385d3e85f14c Mon Sep 17 00:00:00 2001
From: Antonio Enrico Russo <aerusso@aerusso.net>
Date: Sun, 1 Jun 2025 18:10:49 -0600
Subject: [PATCH] Do not start mpris-proxy for system users
A default installation of bluez results in the systemd user unit
mpris-proxy.service being started for all users---including root.
This unnecessarily exposes system users to any security
vulnerabilities in mpris-proxy.
Inhibit this default behavior by using ConditionUser=!@system.
Signed-off-by: Antonio Enrico Russo <aerusso@aerusso.net>
---
tools/mpris-proxy.service.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/mpris-proxy.service.in b/tools/mpris-proxy.service.in
index c49d255..6ae56c6 100644
--- a/tools/mpris-proxy.service.in
+++ b/tools/mpris-proxy.service.in
@@ -4,6 +4,7 @@ Documentation=man:mpris-proxy(1)
Wants=dbus.socket
After=dbus.socket dbus.service
+ConditionUser=!@system
[Service]
Type=simple
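Review bot: "ConditionUser=!@system" selects accounts by systemd's system UID range, not by name, and the commit message does not say so. That range is fixed when systemd is built, so which accounts stop getting mpris-proxy can differ between distributions, and a human account created with a UID inside the range is skipped as well. Worth a sentence in the commit message, together with the fact that a unit whose condition fails is skipped without entering the failed state.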
--
2.49.0
* Re: Do not start mpris-proxy for root user
From: Luiz Augusto von Dentz @ 2025-06-02 18:18 UTC
To: Antonio Russo
Cc: linux-bluetooth, Andrew Sayers, Luiz Augusto von Dentz,
Salvatore Bonaccorso, Guido Günther
Hi Antonio,
On Sun, Jun 1, 2025 at 9:24 PM Antonio Russo <aerusso@aerusso.net> wrote:
>
> On 2025-05-31 12:17, Guido Günther wrote:
> >
> > Sounds good to me. The system users include users running the login
> > managers which can have more components on e.g. mobile (for emergency
> > calls, etc) but I don't think they'd need the mpris-proxy.
> >
> >> wonder how we can best move forward here, to have it then as well
> >> resolved downstream.
> >
> > I *think* the patch needs a respin by Antonio and once applied we could
> > cherry-pick to Debian?
>
> Here's an updated version of the patch with the @system condition.
>
> I do not know how to properly acknowledge Andrew Sayers, so please add
> whatever trailer is appropriate for that.
>
> From eabbcf86ddfff98bf15b32e65c8d385d3e85f14c Mon Sep 17 00:00:00 2001
> From: Antonio Enrico Russo <aerusso@aerusso.net>
> Date: Sun, 1 Jun 2025 18:10:49 -0600
> Subject: [PATCH] Do not start mpris-proxy for system users
>
> A default installation of bluez results in the systemd user unit
> mpris-proxy.service being started for all users---including root.
> This unnecessarily exposes system users to any security
> vulnerabilities in mpris-proxy.
>
> Inhibit this default behavior by using ConditionUser=!@system.
>
> Signed-off-by: Antonio Enrico Russo <aerusso@aerusso.net>
> ---
> tools/mpris-proxy.service.in | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/tools/mpris-proxy.service.in b/tools/mpris-proxy.service.in
> index c49d255..6ae56c6 100644
> --- a/tools/mpris-proxy.service.in
> +++ b/tools/mpris-proxy.service.in
> @@ -4,6 +4,7 @@ Documentation=man:mpris-proxy(1)
>
> Wants=dbus.socket
> After=dbus.socket dbus.service
> +ConditionUser=!@system
>
> [Service]
> Type=simple
> --
> 2.49.0
Can you send a proper patch with git format-patch + git send-email?
Embedding it in another email doesn't seem to cut it for git am:
Applying: Do not start mpris-proxy for root user
error: corrupt patch at line 16
Patch failed at 0001 Do not start mpris-proxy for root user
>
--
Luiz Augusto von Dentz
* [PATCH] Do not start mpris-proxy for system users
From: Antonio Russo @ 2025-06-03 3:37 UTC
To: linux-bluetooth
Cc: Luiz Augusto von Dentz, Andrew Sayers, Luiz Augusto von Dentz,
Salvatore Bonaccorso, Guido Günther
A default installation of bluez results in the systemd user unit
mpris-proxy.service being started for all users---including root.
This unnecessarily exposes system users to any security
vulnerabilities in mpris-proxy.
Inhibit this default behavior by using ConditionUser=!@system.
Signed-off-by: Antonio Enrico Russo <aerusso@aerusso.net>
---
tools/mpris-proxy.service.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/mpris-proxy.service.in b/tools/mpris-proxy.service.in
index c49d255..6ae56c6 100644
--- a/tools/mpris-proxy.service.in
+++ b/tools/mpris-proxy.service.in
@@ -4,6 +4,7 @@ Documentation=man:mpris-proxy(1)
Wants=dbus.socket
After=dbus.socket dbus.service
+ConditionUser=!@system
[Service]
Type=simple
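Review bot: The new start condition is undocumented: the diffstat shows only tools/mpris-proxy.service.in changing, while the unit points readers at "Documentation=man:mpris-proxy(1)". Consider adding a line to that man page, or a comment above "ConditionUser=!@system", stating that the user unit is not started for system users, so an administrator who finds the proxy inactive under a service account can see why.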
--
2.49.0
* RE: Do not start mpris-proxy for system users
From: bluez.test.bot @ 2025-06-03 5:10 UTC
To: linux-bluetooth, aerusso
This is automated email and please do not reply to this email!
Dear submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=968153
---Test result---
Test Summary:
CheckPatch                    PENDING   0.26 seconds
GitLint                       PENDING   0.22 seconds
BuildEll                      PASS      20.39 seconds
BluezMake                     PASS      2746.97 seconds
MakeCheck                     PASS      20.67 seconds
MakeDistcheck                 PASS      198.66 seconds
CheckValgrind                 PASS      275.81 seconds
CheckSmatch                   PASS      302.33 seconds
bluezmakeextell               PASS      127.98 seconds
IncrementalBuild              PENDING   0.26 seconds
ScanBuild                     PASS      906.58 seconds
Details
##############################
Test: CheckPatch - PENDING
Desc: Run checkpatch.pl script
Output:
##############################
Test: GitLint - PENDING
Desc: Run gitlint
Output:
##############################
Test: IncrementalBuild - PENDING
Desc: Incremental build with the patches in the series
Output:
---
Regards,
Linux Bluetooth
* Re: [PATCH] Do not start mpris-proxy for system users
From: Guido Günther @ 2025-06-03 6:59 UTC
To: Antonio Russo
Cc: linux-bluetooth, Luiz Augusto von Dentz, Andrew Sayers,
Luiz Augusto von Dentz, Salvatore Bonaccorso
Hi,
On Mon, Jun 02, 2025 at 09:37:20PM -0600, Antonio Russo wrote:
> A default installation of bluez results in the systemd user unit
> mpris-proxy.service being started for all users---including root.
> This unnecessarily exposes system users to any security
> vulnerabilities in mpris-proxy.
>
> Inhibit this default behavior by using ConditionUser=!@system.
>
> Signed-off-by: Antonio Enrico Russo <aerusso@aerusso.net>
> ---
> tools/mpris-proxy.service.in | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/tools/mpris-proxy.service.in b/tools/mpris-proxy.service.in
> index c49d255..6ae56c6 100644
> --- a/tools/mpris-proxy.service.in
> +++ b/tools/mpris-proxy.service.in
> @@ -4,6 +4,7 @@ Documentation=man:mpris-proxy(1)
>
> Wants=dbus.socket
> After=dbus.socket dbus.service
> +ConditionUser=!@system
>
> [Service]
> Type=simple
Reviewed-by: Guido Günther <agx@sigxcpu.org>
Cheers,
-- Guido
> --
> 2.49.0
>
* Re: [PATCH] Do not start mpris-proxy for system users
From: Paul Menzel @ 2025-06-03 7:16 UTC
To: Antonio Russo
Cc: linux-bluetooth, Luiz Augusto von Dentz, Andrew Sayers,
Luiz Augusto von Dentz, Salvatore Bonaccorso, Guido Günther
Dear Antonio,
Thank you for your patch.
On 03.06.25 at 05:37, Antonio Russo wrote:
> A default installation of bluez results in the systemd user unit
> mpris-proxy.service being started for all users---including root.
> This unnecessarily exposes system users to any security
> vulnerabilities in mpris-proxy.
>
> Inhibit this default behavior by using ConditionUser=!@system.
>
> Signed-off-by: Antonio Enrico Russo <aerusso@aerusso.net>
> ---
> tools/mpris-proxy.service.in | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/tools/mpris-proxy.service.in b/tools/mpris-proxy.service.in
> index c49d255..6ae56c6 100644
> --- a/tools/mpris-proxy.service.in
> +++ b/tools/mpris-proxy.service.in
> @@ -4,6 +4,7 @@ Documentation=man:mpris-proxy(1)
>
> Wants=dbus.socket
> After=dbus.socket dbus.service
> +ConditionUser=!@system
>
> [Service]
> Type=simple
Reviewed-by: Paul Menzel <pmenzel@molgen.mpg.de>
Kind regards,
Paul
* Re: [PATCH] Do not start mpris-proxy for system users
From: Andrew Sayers @ 2025-06-03 14:35 UTC
To: Antonio Russo
Cc: linux-bluetooth, Luiz Augusto von Dentz, Luiz Augusto von Dentz,
Salvatore Bonaccorso, Guido Günther
On Mon, Jun 02, 2025 at 09:37:20PM -0600, Antonio Russo wrote:
> A default installation of bluez results in the systemd user unit
> mpris-proxy.service being started for all users---including root.
> This unnecessarily exposes system users to any security
> vulnerabilities in mpris-proxy.
>
> Inhibit this default behavior by using ConditionUser=!@system.
>
> Signed-off-by: Antonio Enrico Russo <aerusso@aerusso.net>
> ---
> tools/mpris-proxy.service.in | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/tools/mpris-proxy.service.in b/tools/mpris-proxy.service.in
> index c49d255..6ae56c6 100644
> --- a/tools/mpris-proxy.service.in
> +++ b/tools/mpris-proxy.service.in
> @@ -4,6 +4,7 @@ Documentation=man:mpris-proxy(1)
>
> Wants=dbus.socket
> After=dbus.socket dbus.service
> +ConditionUser=!@system
>
> [Service]
> Type=simple
Reviewed-by: Andrew Sayers <kernel.org@pileofstuff.org>
There was a question earlier in the thread about how to acknowledge me.
I believe the protocol is to use "Suggested-By:" when I haven't replied,
and I assume the "Reviewed-By" line *replaces* it now I have.
But I could be wrong, and don't personally have any important requirements.
> --
> 2.49.0
>
>
* Re: [PATCH] Do not start mpris-proxy for system users
From: patchwork-bot+bluetooth @ 2025-06-03 17:30 UTC
To: Antonio Russo
Cc: linux-bluetooth, luiz.dentz, kernel.org, luiz.von.dentz, carnil,
agx
Hello:
This patch was applied to bluetooth/bluez.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:
On Mon, 2 Jun 2025 21:37:20 -0600 you wrote:
> A default installation of bluez results in the systemd user unit
> mpris-proxy.service being started for all users---including root.
> This unnecessarily exposes system users to any security
> vulnerabilities in mpris-proxy.
>
> Inhibit this default behavior by using ConditionUser=!@system.
>
> [...]
Here is the summary with links:
- Do not start mpris-proxy for system users
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=99861c249c86
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html