Hi, On Sat, May 17, 2025 at 03:12:47PM +0200, Salvatore Bonaccorso wrote: > On Sun, Jan 26, 2025 at 08:04:27AM -0700, Antonio Russo wrote: > > Hello, > > > > A default installation of bluez results in the systemd user unit > > mpris-proxy.service being started for all users---including root. > > This unnecessarily exposes root to any security vulnerability in > > mpris-proxy. > > > > Please consider the following trivial patch that changes this > > default behavior. > > > > Best, > > Antonio Russo > > > > > > From d9e02494e661109607c073968fa352c1397a1ffb Mon Sep 17 00:00:00 2001 > > From: Antonio Enrico Russo <aerusso@xxxxxxxxxxx> > > Date: Sun, 26 Jan 2025 08:00:26 -0700 > > Subject: [PATCH] Do not start mpris-proxy for root user > > > > A default installation of bluez results in the systemd user unit > > mpris-proxy.service being started for all users---including root. > > This unnecessarily exposes root to any security vulnerability in > > mpris-proxy. > > > > Inhibit this default behavior by using ConditionUser=!root. > > > > Signed-off-by: Antonio Enrico Russo <aerusso@xxxxxxxxxxx> > > --- > > tools/mpris-proxy.service.in | 1 + > > 1 file changed, 1 insertion(+) > > > > diff --git a/tools/mpris-proxy.service.in b/tools/mpris-proxy.service.in > > index 5307490..118ed6e 100644 > > --- a/tools/mpris-proxy.service.in > > +++ b/tools/mpris-proxy.service.in > > @@ -4,6 +4,7 @@ Documentation=man:mpris-proxy(1) > > Wants=dbus.socket > > After=dbus.socket > > +ConditionUser=!root > > [Service] > > Type=simple > > -- > > 2.48.1 > > Looping in all primary involved people for adding or touching the > systemd unit file. Luiz, Guido and Andrew, any opinion on the proposed > change? E.g. pipewire does the same, this makes sense to me. Reviewed-by: Guido Günther <agx@xxxxxxxxxxx> Cheers, -- Guido > > For reference as well discussed in downstream Debian in > https://bugs.debian.org/1094257 > > Regards, > Salvatore >
