For instance, org.my.App.* will now match org.my.App.foo.bar, and even
org.my.App, where it would previously only match org.my.App.foo.
This makes a lot of sense, because it allows you to structure the
subset of the dbus namespace you're granted how you please, and
there is no real security problem with this.
It also matches how arg0namespace works in dbus matches and how the
proposed dbus-implemented filterin works in:
https://bugs.freedesktop.org/show_bug.cgi?id=101902
Sometimes we get an EAGAIN error in the due to the socket being
nonblocking. In the setup phase we just allocated the new buffer
and this causes a leak. Free it in this case.
(cherry picked from commit 6a63a905bf)
The header returned from parse_header contains references
to the buffer it was used to parse from, and in some
cases we dereference these headers after freeing the buffer.
For instance this happens when we're filtering a message, and
then we later look at the destination to figure out what
kind of error to send back.
I couldn't find any cases where this would let the client
do anything other than return a different error value, but
this is still possibly a security issue.
(cherry picked from commit 18a45712cc)
Make sure we can only send message calls (not e.g. unicast signals)
to the bus. Also, whitelist the list of allowed interfaces to
org.freedesktop.DBus and org.freedesktop.DBus.Introspectable
See https://github.com/flatpak/flatpak/issues/343 for the origin
discussion of this.
This moves a all source code into separate subdirs per binary. The
helper and the generic stuff goes into lib/ which is then used by all
the others. For now this is a completely internal library, but at
some point we will probably clean it up and expose some subset.
Also, we move the dbus proxy to libexecdir.
