<div dir="ltr">Thank you for your reply.  What you said makes sense.  It appears that a better solution than avoiding message validation by using "trusted peer" mode would be to make message validation more efficient for large arrays of bytes, integers, etc.  <br> <br>When the function, validate_body_helper, in dbus-marshal-validate.c encounters an array it will call validate_body_helper for every element of the array.  There is a "FIX ME" comment on line 423 that suggests avoiding this function call when the element type is a fixed-size type.  When I made this change and ran some benchmarks, I found that sending a large byte array took approximately the same time regardless of whether the element type was declared as bytes or as integers with the number of elements changed to 1/4 of the original number.  The execution time also was essentially the same as when running in "trusted peer" mode.  With large arrays, the time saved can be significant.<br> <br>I am working with the 1.2.4 release.  This was a pretty simple change and there do not appear to be any side effects or loss of security.  In the case of validating an array of bytes, calling validate_body_helper doesn't appear to do anything.  For other fixed-size types, it checks that the alignment is correct.  However, you already check the alignment of the first element when you discover that the current type is DBUS_TYPE_ARRAY, so iterating through the rest of the array to perform this check does not appear to have any value. <br> <br>Should I submit a patch for this in bugzilla or is there a reason why this change hasn't already been made that I missed?<br><br>Thanks,<br><br>Jon<br><br><div class="gmail_quote">On Wed, Oct 8, 2008 at 4:12 AM, Havoc Pennington <span dir="ltr"><<a href="mailto:hp@pobox.com">hp@pobox.com</a>></span> wrote:<br> <blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Hi,<br> <div class="Ih2E3d"><br> On Tue, Oct 7, 2008 at 1:14 PM, Jon Gosting <<a href="mailto:yukarionsen@gmail.com">yukarionsen@gmail.com</a>> wrote:<br> > 1.  I noticed that some of the execution time in the scenario described<br> > above is in the dbus-daemon.  I suspect that it is also caused by message<br> > validation, but didn't see where this was happening in the code.  Is there a<br> > similar change that I can make in the dbus-daemon code to put it into<br> > "trusted peer" mode?<br> <br> </div>dbus-daemon uses libdbus, so the libdbus change also affects it.<br> <div class="Ih2E3d"><br> > 2.  Are there any plans to make this a configuration option (either<br> > compile-time or run-time) in the future?<br> <br> </div>I don't know if that makes sense; it's more just a profiling hack to<br> illustrate where some of the performance cost is. I'd be a little<br> afraid of people (or linux distributions) enabling it by default and<br> creating a huge security problem.<br> <font color="#888888"><br> Havoc<br> </font></blockquote></div><br></div>