1. 17 Jan, 2014 5 commits
  2. 16 Jan, 2014 2 commits
  3. 14 Jan, 2014 3 commits
  4. 13 Jan, 2014 3 commits
    • Zeeshan Ali's avatar
      build: Don't break build if setcap fails · 067b575e
      Zeeshan Ali authored
      Based on a patch from Colin Walters <walters@verbum.org>
      067b575e
    • Zeeshan Ali's avatar
      build: Give installed geoclue ptrace capability · 194c9728
      Zeeshan Ali authored
      Unless geoclue is run as root (which it shouldn't), it can't access
      /dev/${PID}/exe for processes running as other users. This access is
      protected by CAP_SYS_PTRACE capability so we now give that to installed
      geoclue binary after installation.
      194c9728
    • Zeeshan Ali's avatar
      service-manager: More secure identification of apps & agents · 764a7e4e
      Zeeshan Ali authored
      We have been using /proc/${PID}/cmdline for identifying apps but that
      can be overwritten by app itself very easily. Instead we look at what
      /proc/${PID}/exe is pointing to. The only way an app/agent can fool
      geoclue now is by overwriting the binary of a whitelisted agent or
      authorized app.
      
      We can make things a lot more secure by only allowing binaries to be in
      privileged directories (e.g /usr/bin and /usr/libexec etc) since then a
      random unprivileged binary can't just overwrite known binaries. However,
      this will break geoclue for developers (think jhbuild). Perhaps we
      should do this but provide an option in conf file to either disable
      these checks or provide the whitelists binary directories?
      
      Thanks to Lennart Poettering for advice.
      764a7e4e
  5. 11 Jan, 2014 3 commits
  6. 10 Jan, 2014 1 commit
    • Zeeshan Ali's avatar
      service-manager: Give agents time to register on autolaunch · f000df84
      Zeeshan Ali authored
      If geoclue was auto-launched on a Manager.GetClient() call, agents
      haven't yet got the time to register and we'll end up falsely
      denying apps access to geolocation data.
      
      So if there is no agent for appropriate user on a call to Manager.GetClient(),
      we wait 1 second before replying to client app.
      f000df84
  7. 02 Jan, 2014 1 commit
  8. 04 Dec, 2013 2 commits
  9. 26 Sep, 2013 4 commits
  10. 25 Sep, 2013 4 commits
  11. 24 Sep, 2013 1 commit
    • Zeeshan Ali's avatar
      ipclient: Don't use proxy · 73586126
      Zeeshan Ali authored
      Seems proxy settings are per-user and system users (which geoclue is
      supposed to run as) do not have access to them so proxy won't work
      anyways and by using it, we only endup spitting out loads of warnings:
      
      (geoclue:9412): dconf-CRITICAL **: unable to create directory
      '/run/user/500/dconf': Permission denied.  dconf will not work properly.
      
      This patch however doesn't yet get rid of all the warnings due to a bug in
      libsoup: https://bugzilla.gnome.org/show_bug.cgi?id=708696
      73586126
  12. 18 Sep, 2013 3 commits
  13. 17 Sep, 2013 1 commit
  14. 16 Sep, 2013 7 commits