You are not logged in.
*I dont have any problem or any issue, its just geeks for geeks*
First let me ask you, is it safe to use a DE with a security vulnerability? Will I have any problems?
Afterwards, how can I help with fixes and/or submitting reports? What can be done? I'm interested in bug-fixing and I'm already interested in cybersecurity.
What i tried:
For example, one of the vulnerabilities is that someone without root privileges can access dbus and freedesktop and execute commands.
I tried to see this first (both for fun and to teach me Linux) but i failed when i try to make folder with busctl command *syntax problem must be*
busctl --system call :1.186 /com/deepin/anything com.deepin.anything addPath s "testFolder"
Call failed: The path must start with '/'
busctl --system call :1.186 /com/deepin/anything com.deepin.anything addPath s PATH =/testFolder
zsh: /testFolder not found ##### even tho i created onebusctl --user call org.deepin.filemanager.server /org/deepin/filemanager/server org.freedesktop.FileManager1.CreateFile s "new_file.txt"
Too few parameters for signature.
busctl --user call org.deepin.filemanager.server /org/deepin/filemanager/server org.freedesktop.FileManager1.CreateFile s "new_file.txt" s
Failed to parse 's' as signed 16-bit integer: Invalid argument
busctl --user call org.deepin.filemanager.server /org/deepin/filemanager/server org.freedesktop.FileManager1.CreateFile s "new_file.txt" x
Failed to parse 'x' as signed 16-bit integer: Invalid argument
busctl --user call org.deepin.filemanager.server /org/deepin/filemanager/server org.freedesktop.FileManager1.CreateFile s "new_file.txt" y
Failed to parse 'y' as signed 16-bit integer: Invalid argument
busctl --user call org.deepin.filemanager.server /org/deepin/filemanager/server org.freedesktop.FileManager1.CreateFile s "new_file.txt" a
Failed to parse 'a' as signed 16-bit integer: Invalid argument
busctl --user call org.deepin.filemanager.server /org/deepin/filemanager/server org.freedesktop.FileManager1.CreateFile s "new_file.txt" i
Failed to parse 'i' as signed 16-bit integer: Invalid argumentbusctl list:
busctl
NAME PID PROCESS USER CONNECTION>
:1.0 1 systemd root :1.0 >
:1.1 579 dbus-broker-lau root :1.1 >
:1.10 697 accounts-daemon root :1.10 >
:1.11 708 polkitd polkitd :1.11 >
:1.17 751 systemd lightdm :1.17 >
:1.186 6470 deepin-anything root :1.186 >
:1.20 799 dde-dconfig-dae dde-dconfig-daemon :1.20 >
:1.22 793 dde-system-daem root :1.22 >
:1.25 835 rtkit-daemon root :1.25 >
:1.287 9859 lightdm root :1.287 >
:1.289 9900 dde-session guns :1.289 >
:1.290 9919 dde-session guns :1.290 >
:1.292 9945 dde-desktop guns :1.292 >
:1.293 9958 dde-application guns :1.293 >
:1.294 9946 dde-file-manage guns :1.294 >
:1.295 9956 dde-session-dae guns :1.295 >
:1.296 9977 xdg-desktop-por guns :1.296 >
:1.298 9961 deepin-kwin_x11 guns :1.298 >
:1.3 584 systemd-machine root :1.3 >
:1.309 9952 dde-polkit-agen guns :1.309 >
:1.310 9946 dde-file-manage guns :1.310 >
:1.428 15175 kitty guns :1.428 >
:1.45 995 systemd guns :1.45 >
:1.485 17491 busctl test :1.485 >
:1.81 1463 dde-file-manage root :1.81 >
:1.82 1463 dde-file-manage root :1.82 >
com.deepin.anything 6470 deepin-anything root :1.186 >busctl introspect --system com.deepin.anything /com/deepin/anything
NAME TYPE SIGNATURE RESULT/VALUE FLAGS
com.deepin.anything interface - - -
.addPath method s b -
.allPath method - as -
.cacheDir method - s -
.cancelBuild method s b -
.hasLFT method s b -
.hasLFTSubdirectories method s as -
.insertFileToLFTBuf method ay as -
.lftBuinding method s b -
.parallelsearch method ssas as -
.parallelsearch method suusas asuu -
.quit method - - -
.refresh method ay as -
.removeFileFromLFTBuf method ay as -
.removePath method s b -
.renameFileOfLFTBuf method ayay as -
.search method ixuussb asuu -
.search method ssb as -
.setCodecNameForLocale method ay ay -
.sync method s as -
.autoIndexExternal property b true emits-change writable
.autoIndexInternal property b true emits-change writable
.logLevel property i 1 emits-change writable
.addPathFinished signal sb - -
org.freedesktop.DBus.Introspectable interface - - -
.Introspect method - s -
org.freedesktop.DBus.Peer interface - - -
.GetMachineId method - s -
.Ping method - - -
org.freedesktop.DBus.Properties interface - - -
.Get method ss v -
.GetAll method s a{sv} -
.Set method ssv - -
.PropertiesChanged signal sa{sv}as - --------------------
Related links:
https://bugzilla.opensuse.org/show_bug.cgi?id=1136026
https://bugzilla.opensuse.org/show_bug.cgi?id=1130388
https://bugzilla.opensuse.org/show_bug.cgi?id=1134131
https://bugzilla.opensuse.org/show_bug.cgi?id=1134132
Last edited by jojo06 (2024-06-09 10:18:13)
Offline