From 9495516e0cf5bb6d96f1785fe956de03bd6c0d1d Mon Sep 17 00:00:00 2001
From: pixl <pixlone@pm.me>
Date: Fri, 27 Sep 2024 20:43:01 -0400
Subject: [PATCH] Fix CVE-2024-45752

Prevents arbitrary users from accessing d-bus interface. Fixes #473.
This change now requires any application using the LogiOps D-Bus
interface to run as root.
---
 src/logid/logiops-dbus.conf.in | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/logid/logiops-dbus.conf.in b/src/logid/logiops-dbus.conf.in
index 1ce423f7..e680b320 100644
--- a/src/logid/logiops-dbus.conf.in
+++ b/src/logid/logiops-dbus.conf.in
@@ -3,11 +3,12 @@
  "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
 
 <busconfig>
-  <policy user="root">
-    <allow own="pizza.pixl.LogiOps"/>
+  <policy context="default">
+    <deny receive_sender="pizza.pixl.LogiOps"/>
   </policy>
 
-  <policy context="default">
+  <policy user="root">
+    <allow own="pizza.pixl.LogiOps"/>
     <allow send_destination="pizza.pixl.LogiOps"/>
     <allow receive_sender="pizza.pixl.LogiOps"/>
   </policy>