Pidgin exposes everything through its D-Bus service
So Tor Browser can totally sniff your buddy list and send your friends creepy messages.
Disabling this interface some how would solve this, but we're gonna use it in Tails Server's client application, to automate account creation, joining the right chat, etc. intrigeri tells me we could do D-Bus mediation with AppArmor once Linux 4.16 is available to us (unless it's delayed) which sounds ideal.
Test suite: workaround Pidgin's DBus interface being blocked.
We actually depend on it for some tests.
#1 Updated by anonym almost 2 years ago
Apparently there is a 5 year old (but unpublished?) CVE for this: https://census-labs.com/news/2012/02/25/libpurple-otr-info-leak/
Upstream ticket: https://developer.pidgin.im/ticket/14830
I think it can be disabled with something like:
DBUS_SESSION_BUS_ADDRESS= pidgin. Otherwise we could always recompile with
#7 Updated by intrigeri almost 2 years ago
- Subject changed from Pidgin exposes everything through its D-Bus interface to Pidgin exposes everything through its D-Bus service
Note to myself:
dbus-send --session --print-reply --dest=im.pidgin.purple.PurpleService /im/pidgin/purple/PurpleObject im.pidgin.purple.PurpleInterface.PurpleAccountsGetAll returns exit code 0 iff. Pidgin is running and I am allowed to talk to its D-Bus service.
#8 Updated by intrigeri almost 2 years ago
- Status changed from Confirmed to In Progress
- Assignee changed from intrigeri to anonym
- % Done changed from 0 to 50
- QA Check set to Ready for QA
- Feature Branch set to bugfix/14612-deny-access-to-pidgin-dbus-service
Thankfully that was trivial :) Once Tails Server has some kind of proper privileged backend / unprivileged frontend separation (#12297) I expect it'll be feasible to give its backend access to the D-Bus interface without broadening the attack surface more than needed.
#9 Updated by anonym almost 2 years ago
- Assignee changed from anonym to intrigeri