debian/changelog          | 12
debian/dbus.README.Debian | 32
2 files changed, 44 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 58b46178..502aa4f4 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,15 @@ +dbus (1.9.4-1) experimental; urgency=medium + + * New upstream release 1.9.4 + - increase auth_timeout from 5 seconds back to 30 seconds since it + appears to cause slow or failed boot on some systems, reverting a + change in 1.8.8 (Closes: #769069) + - add a README.Debian to the dbus package documenting how + sysadmins with hostile local users can get the lower timeout back, + if their systems are fast enough to boot correctly like that + + -- Simon McVittie <smcv@debian.org> Mon, 24 Nov 2014 13:57:00 +0000 + dbus (1.9.2-1) experimental; urgency=medium * Merge from unstable diff --git a/debian/dbus.README.Debian b/debian/dbus.README.Debian new file mode 100644 index 00000000..60b7df4e --- /dev/null +++ b/debian/dbus.README.Debian 
@@ -0,0 +1,32 @@ +Adjusting limits to mitigate denial of service +============================================== + +'dbus-daemon --system' has several arbitrary limits which are a trade-off +between working correctly when not under attack, and preventing local +denial of service attacks. System administrators with particularly hostile +local users should review these limits and tune them if necessary. + +In particular, the fix for CVE-2014-3639 in dbus-1.8.8 makes it difficult +for local users to prevent connections completely, but they can still +introduce a delay which increases with larger authentication timeout +(auth_timeout) values, by opening many parallel connections from +different processes and never completing the authentication handshake. +As a result, dbus 1.8.8 also reduced the auth_timeout from 30 seconds +to 5 seconds to mitigate this delay. However, this change resulted in +boot failures on some systems because systemd could not authenticate +sufficiently quickly while the system was busy, and was reverted in 1.8.12. + +On fast systems with hostile local users, administrators can reduce this +delay by returning to the 5 second timeout (or any other value in +milliseconds), by saving this as /etc/dbus-1/system-local.conf or a file +matching /etc/dbus-1/system.d/*.conf: + + <busconfig> + <limit name="auth_timeout">5000</limit> + </busconfig> + +If applying this change, please reboot several times and check the +syslog or Journal for messages containing "Connection has not authenticated +soon enough, closing it". Seeing that message while not subject to a +denial-of-service attack indicates that the auth_timeout has been set +too short. |
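Review bot: the debian/changelog entry for 1.9.4-1 describes the auth_timeout change only as "reverting a change in 1.8.8 (Closes: #769069)" and never names the vulnerability that motivated the 5 second timeout, while the new README ties that timeout to the fix for CVE-2014-3639. Since the changelog is what apt-listchanges and the security tracker surface, add the identifier to the first bullet, e.g. "reverting the auth_timeout reduction made alongside the CVE-2014-3639 fix in 1.8.8", so the two files tell the same story and the entry can be cross-referenced.

Review bot: in debian/dbus.README.Debian the paragraph ending "and was reverted in 1.8.12" is inconsistent with the package this README ships in: the changelog in the same commit credits the revert to upstream 1.9.4, and a reader of the experimental 1.9.x package has no 1.8.12 to compare against. Say "was reverted in 1.8.12 and 1.9.4" (or "in the 1.8.12 and 1.9.4 releases") so both branches are covered. The final paragraph would also be more actionable with the concrete check it is asking for, for instance "journalctl -b -u dbus.service | grep 'has not authenticated'", next to the quoted "Connection has not authenticated soon enough, closing it" message, so an administrator can verify each boot without reading the whole log.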