Package: bluez Version: 5.79-1 Severity: important X-Debbugs-Cc: aeru...@aerusso.net
Dear maintainer, A default installation of bluez results in the systemd user unit mpris-proxy.service being started for all users---including root. This unnecessarily exposes root to any security vulnerability in mpris-proxy. Please consider the following trivial patch that changes this default behavior. Best, Antonio Russo From d9e02494e661109607c073968fa352c1397a1ffb Mon Sep 17 00:00:00 2001 From: Antonio Enrico Russo <aeru...@aerusso.net> Date: Sun, 26 Jan 2025 08:00:26 -0700 Subject: [PATCH] Do not start mpris-proxy for root user A default installation of bluez results in the systemd user unit mpris-proxy.service being started for all users---including root. This unnecessarily exposes root to any security vulnerability in mpris-proxy. Inhibit this default behavior by using ConditionUser=!root. Signed-off-by: Antonio Enrico Russo <aeru...@aerusso.net> --- tools/mpris-proxy.service.in | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/mpris-proxy.service.in b/tools/mpris-proxy.service.in index 5307490..118ed6e 100644 --- a/tools/mpris-proxy.service.in +++ b/tools/mpris-proxy.service.in @@ -4,6 +4,7 @@ Documentation=man:mpris-proxy(1)Wants=dbus.socket
After=dbus.socket +ConditionUser=!root[Service]
Type=simple -- 2.48.1
OpenPGP_0x72DB026E04C1C768.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
