Security concerns on the Windows DBUS port

[Fan Wu]

Hi all,

I have couple of concerns on the Windows DBUS port. I've tried digging
into the archive but haven't found answers to my questions.

I think the current windbus implementation using TCP socket is mainly
because it's hard to find a counterpart of Unix domain socket in
windows. But the problems with TCP socket are

1) possible conflict with personal firewall

One of the projects I worked on used TCP socket of localhost for IPC,
and there are many cases that firewall has caused our products
useless. The percentage is small but the sheer number is large due to
the large installation base.

2) how do you know the client is telling the truth about the user
credential (sid)?

With Unix domain socket the OS is making sure the credentials passed
thru the socket is right (not faked). With TCP socket you are not
getting such help from the OS and you can't be sure the other end of
the transport is using libdbus to talk to you. So it's possible a
rogue application may use its own client side dbus implementation to
spoof a legitimate user.

I'm not arguing DBUS shall fend against the case when the whole
machine has been 0wned, but I do expect the authentication in DBUS can
raise the bar higher.

Thanks,
Fan