Anonymous auth method is broken
wuertz at uni-mainz.de
Sat Jan 31 11:43:57 PST 2009
I took some time to examine the anonymous method further. The problem is
not related to TCP/IP. The anonymous method is not doing anything at all
at the moment. According to ChangeLog.pre-1-2, there is a
"allow_anonymous" flag which has been added some time ago (2007-06-12).
The "auth_via_default_rules" method relies on this flag if you want
anonymous access to succeed. But the flag is completely unused. Its not
even initialized. So if you choose to be pedantic about that, there is a
security hole in dbus because "auth_via_default_rules" accesses an
undefined flag, which is luckily zero by default.
I'm not sure how to use this flag properly. The flag belongs to the
DBusTransport struct. But the anonymous auth methods in dbus-auth.c
don't have access to any transport object, thus the anonymous method
cannot set the allow_anonymous flag for itself. So actually you have to
move the flag from the DBusTransport struct to the DBusCredentials
struct and let the anonymous auth method enable it, right?
On the other hand, the default session-bus configuration from my distro
does not specify any auth methods, so any auth method is allowed by
default, even the anonymous auth method, which does not work luckily. So
maybe the anonymous method is supposed to be broken.
On Sat, 2009-01-31 at 16:38 +0100, Schmottlach, Glenn wrote:
> I encountered a similar problem last November and I have yet to see the
> problem resolved. I'm not sure if what I was seeing is identical to
> you, but follow this link for my hack-around:
> It seems like no one ever tests anonymous authentication over TCP/IP
> and I suspect this has been broken for quite some time. Perhaps one of
> the maintainers can verify that this is indeed a problem and come up
> with a more appropriate fix (or clarify it's usage).
More information about the dbus