Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Easy to hijack input context with dbus call. #1955

Closed
wengxt opened this issue Oct 27, 2017 · 6 comments
Closed

Easy to hijack input context with dbus call. #1955

wengxt opened this issue Oct 27, 2017 · 6 comments
Milestone
1.5.18

Comments

@wengxt
Copy link

wengxt commented Oct 27, 2017

E.g. I can do something like from command to manipulate the state of input context.

DBUS_SESSION_BUS_ADDRESS=<ibus's address> qdbus org.freedesktop.IBus /org/freedesktop/IBus/InputContext_3 org.freedesktop.IBus.InputContext.Reset
@wengxt wengxt mentioned this issue Oct 27, 2017
Closed
@fujiwarat
Copy link
Member

Now ibus uses flatpak for that scanning and it's not designed to run applications in the server side.

@wengxt
Copy link
Author

wengxt commented Oct 30, 2017

First, this issue is not specific to flatpak. It's a generic issue to regular or sandboxed application. IBus does not check the call on inputcontext object is from the creator or not.

Second, as for flatpak, it is certainly an issue that it may let sandboxed application to by pass the sandbox and interfere other input contexts that not belong to it. ibus-portal is something that runs normally on regular session bus, it is possible that a bad application may issue malicious call on other ibus input context on portal.

flatpak does not scan the object on the service. It just bypass the dbus service through the sandbox that matches certain service name scheme. Once the object is registered on the service, it will be visible to all applications.

@fujiwarat
Copy link
Member

Just fixing your issue does not make a secure connection.
In the sandbox, the connection is per application and the bacd applications would not establish the connection.

@wengxt
Copy link
Author

wengxt commented Oct 31, 2017

Actually I'd like to point out actually ibus-portal has proper validation https://github.com/ibus/ibus/blob/master/portal/portal.c#L344 , while ibus-daemon itself missing it.

The dbus connection is not per application i'd say. application can freely open any number of dbus connection it's just the connection is sandbox and not visible outside, but the service is shared.

@fujiwarat
Copy link
Member

OK, probably the authentication could be applied to ibus-daemon however I think the connection won't become a completely secure without a container likes flatpak.
But thank you for commenting the more tangible source codes.

@fujiwarat fujiwarat reopened this Oct 31, 2017
@fujiwarat fujiwarat added this to the 1.5.18 milestone Oct 31, 2017
@fujiwarat
Copy link
Member

Actually I'd like to point out actually ibus-portal has proper validation https://github.com/ibus/ibus/blob/master/portal/portal.c#L344 , while ibus-daemon itself missing it.

I added the similar validation:
fujiwarat@f009fb1

Does it work for you?

fujiwarat added a commit that referenced this issue Jan 15, 2018
@fujiwarat
Added DBus filtering against malware
bfe57d2 
The proposal prevents non-ower of the GDBusConnection from accessing
DBus methods against malicious usages.

BUG=#1955

Review URL: https://codereview.appspot.com/335380043
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.5.18
Development

No branches or pull requests
2 participants
@fujiwarat @wengxt