DevHeads.net

I am running a rather locked down environment

I do not allow services to run on my desktop to listen on networks,
using SELinux user staff_t in rawhide. A couple of weeks ago I noticed
this AVC message.

time->Wed Nov 9 22:29:26 2011
type=SYSCALL msg=audit(1320895766.065:125): arch=c000003e syscall=50
success=no exit=-13 a0=7 a1=1 a2=a a3=0 items=0 ppid=1 pid=1815
auid=3267 uid=3267 gid=3267 euid=3267 suid=3267 fsuid=3267 egid=3267
sgid=3267 fsgid=3267 tty=(none) ses=3 comm="obex-data-serve"
exe="/usr/bin/obex-data-server"
subj=staff_u:staff_r:staff_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1320895766.065:125): avc: denied { listen } for
pid=1815 comm="obex-data-serve"
scontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023
tcontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 tclass=socket

Turns out we have a new service running on our desktop called
obex-data-server.

rpm -qif /usr/bin/obex-data-server
obex-data-server is a D-Bus service to allow sending and receiving files
using the ObexFTP and Obex Push protocols, common on mobile phones and
other Bluetooth-equipped devices.

Meaning this is a tool that can be used by bluetooth devices to off load
data off my desktop. I don't want to allow any random telephone that
gets near my laptop to be able to attempt to remove data from my computer.

Now I am sure the people who have written this tool and bluetooth,
believe they did a good job securing the app, but why is it running on
my laptop by default?

So I go to remove it.

yum remove obex-data-server

And yum wants to remove all bluetooth from my system. Which brings up
the question why does bluez require this service?

Did I do something to activate it? How do I deactivate it? Is it
activated by default all all systems?

Comments

Re: I am running a rather locked down environment

By =?UTF-8?B?IkrDs... at 11/09/2011 - 15:25

On 11/09/2011 06:45 PM, Daniel J Walsh wrote:
Now now be a sport this finally allows me to use my bluetooth sniper
riffle [1] to suck some data other than crappy text msg =)

1. <a href="http://www.tomsguide.com/us/how-to-bluesniper-pt1,review-408.html" title="http://www.tomsguide.com/us/how-to-bluesniper-pt1,review-408.html">http://www.tomsguide.com/us/how-to-bluesniper-pt1,review-408.html</a>