Loadable security modules for D-Bus

Thiago Macieira thiago at kde.org
Mon Jan 9 08:00:51 PST 2012


On Monday, 9 de January de 2012 16.52.57, Lennart Poettering wrote:
> Note that I not only think that loadable modules would be a bad idea
> here, I also believe that any kind of abstraction towards that goal
> would already be wrong. i.e. from Felipe's patch dsm.c needs to go, too,
> regardless whether what is hooked in there would be dynamically or
> statically compiled.

That I don't agree. I think that having a clean API with the proper hooks into 
the security sensitive points is welcome. That has a few benefits:

1) we don't clutter the main code with #ifdefs for the different backends

2) new backends don't have to figure out where they need to hook up and how

This of course needs to be done properly, so that all the backends can be 
supported cleanly and correctly.

I would rather that there weren't multiple mechanisms, but that's not relevant 
in this discussion: they exist.
-- 
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
   Software Architect - Intel Open Source Technology Center
      PGP/GPG: 0x6EF45358; fingerprint:
      E067 918B B660 DBD1 105C  966C 33F5 F005 6EF4 5358
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.freedesktop.org/archives/dbus/attachments/20120109/a33b4aa1/attachment.pgp>


More information about the dbus mailing list