where is dbus 1.2 ?
Sjoerd Simons
sjoerd at luon.net
Sat Nov 24 03:23:04 PST 2007
On Fri, Nov 23, 2007 at 11:56:25PM -0500, Havoc Pennington wrote:
> The 1.1.2 release notes had a plea for someone to audit the setuid
> helper for system activation, which would still be advisable, but there
> is not much reason to block 1.2.0 on this.
FWIW before uploading dbus 1.1.2 to Debian i did a minimal audit of the setuid
helper. The code looks good to me as long as you can trust the dbus
configuration files and service files (Which i think is a pretty fair
assumption).
Though it would be good for someone to triplecheck the code that does the
actually dropping from root priviledges to whatever is specified in the service
file. I'm not an expert in that area.
Sjoerd
--
Before you ask more questions, think about whether you really want to
know the answers.
-- Gene Wolfe, "The Claw of the Conciliator"
More information about the dbus
mailing list