Vulnerability - moused dependency on dbus-daemon - how to get rid of DBUS?
David Wolfskill
david at catwhisker.org
Wed Sep 26 12:16:18 UTC 2012
On Tue, Sep 25, 2012 at 09:40:20PM -0700, moused86799 wrote:
> one way of attacking the OS
> 1.search the lists
> http://lists.freebsd.org/pipermail/freebsd-questions/2012-May/241042.html
> 2.)mouse intermittent works if problem with dbus-daemon
> 3.)analyze - dbus-daemon is a 'relatively unknown' and extra DEPENDENCY
> of moused

Errr... Perhaps in your configuration; perhaps also in (some) others'.
But moused is part of base FreeBSD, while dbus* is not. So it is
certainly possible to run moused without dbus-daemon.

But as a somewhat more constructive demonstration:

    g1-227(10.0-C)[1] ps axwwl | egrep 'moused|dbus'
    0 1461 1 0 20 0 10076 9840 select Ss - 0:00.10 /usr/sbin/moused -a 2.7 -p /dev/psm0 -t auto
    1001 7579 1855 0 21 0 10148 9280 - RL+ 7 0:00.01 egrep moused|dbus
    g1-227(10.0-C)[2]

That's from my laptop, running X. While I have dbus-1.4.14_4 &
dbus-glib-0.94 installed (as they are listed as dependencies for
some other ports I have installed), I decline to use them.

> 4.)set kern.securelevel=333
> 5.)interrupt control of moused
> root /usr/sbin/moused -F 200 -A 1.5.2.0 -a 0.7 -r high -V -p /dev/psm0 -t
> auto
> 6.)alt to port /dev/psm0 - not completed

Errr... Everything you're doing there already requires eUID 0 access,
so I'm not sure what your concern really is.

> so, how can anything dbus be ELIMINATED from the OS?

    g1-227(10.0-C)[8] grep dbus /etc/rc.conf*
    g1-227(10.0-C)[9]

> ...
> question: how can dbus or dbus-daemon be eliminated from the basic OS
> configuration for a developer workstation?

Well, I believe my laptop is configured in a way that meets the
stated criteria. (It has a local private mirror of the FreeBSD
src, ports, & doc SVN repositories, and I track stable/9 & head
on it, daily.) About the only point that comes to mind that I
haven't already pointed out is the addition of a stanza:

    Section "ServerFlags"
        Option "AutoAddDevices" "False"
    EndSection

to xorg.conf -- though there are other ways to accomplish that, as
well (IIRC).

Of course, I avoid these fancy "desktop environment" things; the
window manager I use descends rather directly from twm (and looks
like it), but it works for me (even though I know of only 2 other
folks who I have seen use it -- one of whom is my spouse).

Peace,
david
--
David H. Wolfskill david at catwhisker.org
Depriving a girl or boy of an opportunity for education is evil.
See http://www.catwhisker.org/~david/publickey.gpg for my public key.
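
The two configuration checks from the message above (no dbus entry in /etc/rc.conf*, and the AutoAddDevices stanza in xorg.conf), as an added example that is not part of the original message. It assumes the dbus port's rc variable is named dbus_enable; the function names and all sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. File contents are constructed.

# Exit 0 if the given rc.conf-style files leave dbus enabled. Files are read
# in order and the last dbus_enable assignment wins (rc.conf, rc.conf.local).
# Assumption: the rc variable is named dbus_enable.
rc_enables_dbus() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*dbus_enable=/ {
            v = $0
            sub(/^[^=]*=/, "", v)      # keep the value only
            sub(/#.*/, "", v)          # drop a trailing comment
            gsub(/[^A-Za-z]/, "", v)   # drop quotes and blanks
            last = tolower(v)
        }
        END { if (last == "yes") exit 0; exit 1 }
    ' "$@"
}

# Exit 0 if xorg.conf sets AutoAddDevices to a false value inside
# Section "ServerFlags". Keywords are matched case-insensitively.
xorg_autoadd_disabled() {
    awk '
        { line = tolower($0); sub(/#.*/, "", line) }
        line ~ /^[ \t]*section[ \t]+"serverflags"/ { in_flags = 1; next }
        line ~ /^[ \t]*endsection/                 { in_flags = 0; next }
        in_flags && line ~ /option[ \t]+"autoadddevices"[ \t]+"(false|off|no|0)"/ { ok = 1 }
        END { if (ok) exit 0; exit 1 }
    ' "$1"
}

# Constructed sample: rc.conf enables dbus, rc.conf.local turns it back off.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'moused_enable="YES"' 'dbus_enable="YES"' > "$d/rc.conf"
    printf '%s\n' 'dbus_enable="NO"  # declined' > "$d/rc.conf.local"
    printf '%s\n' 'Section "ServerFlags"' \
        '    Option "AutoAddDevices" "False"' 'EndSection' > "$d/xorg.conf"
    if rc_enables_dbus "$d/rc.conf" "$d/rc.conf.local"
    then echo "dbus: enabled at boot"; else echo "dbus: not enabled at boot"; fi
    if xorg_autoadd_disabled "$d/xorg.conf"
    then echo "X: AutoAddDevices off"; else echo "X: AutoAddDevices on (default)"; fi
    rm -rf "$d"
}
demo
```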