-rw-r--r--  debian/changelog           12
-rw-r--r--  debian/dbus.README.Debian  32
2 files changed, 44 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 58b46178..502aa4f4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,15 @@
+dbus (1.9.4-1) experimental; urgency=medium
+
+ * New upstream release 1.9.4
+ - increase auth_timeout from 5 seconds back to 30 seconds since it
+ appears to cause slow or failed boot on some systems, reverting a
+ change in 1.8.8 (Closes: #769069)
+ - add a README.Debian to the dbus package documenting how
+ sysadmins with hostile local users can get the lower timeout back,
+ if their systems are fast enough to boot correctly like that
+
+ -- Simon McVittie <smcv@debian.org> Mon, 24 Nov 2014 13:57:00 +0000
+
dbus (1.9.2-1) experimental; urgency=medium
* Merge from unstable
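Review bot: the first bullet of the 1.9.4 entry (the auth_timeout increase) loses the security context that the README hunk in this same commit gives it; a reader of the changelog alone cannot tell that going back to 30 seconds lengthens the delay an unauthenticated local user can impose, the residual issue the README describes alongside CVE-2014-3639. Suggest naming it there, e.g. ` - increase auth_timeout from 5 seconds back to 30 seconds since it` / ` appears to cause slow or failed boot on some systems, reverting a` / ` change in 1.8.8 (see CVE-2014-3639 and README.Debian; Closes: #769069)`. The second bullet could also give the file's path (debian/dbus.README.Debian) so the changelog points at the documentation it introduces.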
diff --git a/debian/dbus.README.Debian b/debian/dbus.README.Debian
new file mode 100644
index 00000000..60b7df4e
--- /dev/null
+++ b/debian/dbus.README.Debian
@@ -0,0 +1,32 @@
+Adjusting limits to mitigate denial of service
+==============================================
+
+'dbus-daemon --system' has several arbitrary limits which are a trade-off
+between working correctly when not under attack, and preventing local
+denial of service attacks. System administrators with particularly hostile
+local users should review these limits and tune them if necessary.
+
+In particular, the fix for CVE-2014-3639 in dbus-1.8.8 makes it difficult
+for local users to prevent connections completely, but they can still
+introduce a delay which increases with larger authentication timeout
+(auth_timeout) values, by opening many parallel connections from
+different processes and never completing the authentication handshake.
+As a result, dbus 1.8.8 also reduced the auth_timeout from 30 seconds
+to 5 seconds to mitigate this delay. However, this change resulted in
+boot failures on some systems because systemd could not authenticate
+sufficiently quickly while the system was busy, and was reverted in 1.8.12.
+
+On fast systems with hostile local users, administrators can reduce this
+delay by returning to the 5 second timeout (or any other value in
+milliseconds), by saving this as /etc/dbus-1/system-local.conf or a file
+matching /etc/dbus-1/system.d/*.conf:
+
+ <busconfig>
+ <limit name="auth_timeout">5000</limit>
+ </busconfig>
+
+If applying this change, please reboot several times and check the
+syslog or Journal for messages containing "Connection has not authenticated
+soon enough, closing it". Seeing that message while not subject to a
+denial-of-service attack indicates that the auth_timeout has been set
+too short.
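Review bot: the opening paragraph tells administrators to "review these limits and tune them if necessary", but the file then documents only auth_timeout, so a reader has nowhere to find the other `<limit>` names the sentence refers to; either point to where they are documented or narrow the sentence to the one limit covered here. Minor: the snippet `<limit name="auth_timeout">5000</limit>` carries its unit only in the prose above it; an inline comment such as `<!-- 5000 ms = 5 seconds -->` would stop someone copying the block and writing `5`, which by the text's own definition would be a 5 millisecond timeout and trigger the "Connection has not authenticated soon enough" failure the last paragraph warns about.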