The Plan for CVE-2008-4311
Scott James Remnant
scott at canonical.com
Tue Jan 13 11:44:51 PST 2009
On Tue, 2009-01-13 at 14:14 -0500, Colin Walters wrote:
> > Services that have methods must allow clients to send those methods
> > by context. Services that require restricted signals deny clients
> > from receiving them.
>
> What service requires restricted signals? Remember, in the 1.2.8
> stream, it's a bug in applications or bindings to not be using match
> rules or another mechanism to verify the origin of signals.
>
Perhaps I'm just inventing a spurious use case, but would we want to
support clients sending signals between each other that are not for
general viewing?

If we want to support such a thing, we have to allow the policy to deny
other clients from receiving those signals.

If we don't want to support such a thing, then my argument is moot ;)

We should document that the only way to have such private signals is by
explicit destination when you send it.

(i.e. all unicast signals are public)

Scott
--
Scott James Remnant
scott at canonical.com