Introspection

[Colin Walters]

On Mon, Dec 8, 2008 at 10:33 AM, David Zeuthen <david at fubar.dk> wrote:
>
> Now, I'd argue that one natural thing here is that this invocation *by
> default* should allow any other process to send messages to *any*
> interfaces for the name org.freedesktop.PolicyKit.

Broadly speaking, there are two kinds of system services.  Those that
use PolicyKit, and those that use the dbus policy rules (e.g.
kerneloops, avahi).  There's probably code out there that does manual
non-PolicyKit checks on the service side, but we'll lump that in with
PolicyKit.

For as long as I've been involved with DBus the messaging around the
system bus was that it was default deny.  It is staggering that we
went so long without discovering this bug.  Clearly someone must have
discovered it earlier, since the meme of adding <policy
context="default"><deny>... had to come from somewhere.  But anyways:

I see your argument about the defaults.  I think personally the major
error here was mine; I vastly underestimated the scope of this and
didn't handle it well.  Certainly it shouldn't have gone into Fedora
directly.  But - we chose a direction, which is changing the default
to what it was intended to be originally.  There's already a release
now, and I'd rather not change the messaging again.

> it's not really
> realistic to require that all D-Bus system configuration files needs to
> be revised (which is the current situation); some vendors may have
> customers with custom stuff they can't fix.

Remember a large chunk of config files need to be revised either way -
if we kept the default, we'd have to add the <default><deny> stanzas.