[Bug 42809] DBusTube access control is under-specified

Fri Nov 11 15:33:22 CET 2011

https://bugs.freedesktop.org/show_bug.cgi?id=42809

--- Comment #1 from Olli Salli <ollisal at gmail.com> 2011-11-11 06:33:22 PST ---
(In reply to comment #0)
> I think the values for S_A_C that make sense for D-Bus tubes are:
> 
> * Localhost: any local user can connect to the CM. I'd re-interpret this as
>   "use dbus_connection_set_unix_user_function() and
>   dbus_connection_set_windows_user_function() to set a function that
>   allows everyone".

Agree.

> 
> * Credentials: for D-Bus I'd either re-interpret this as
>   "use the default D-Bus auth handshake as used for the session bus,
>   which only allows the same uid; omit the extra byte", or deprecate it
>   for D-Bus tubes (it's fine to use on stream tubes) and introduce a
>   new S_A_C_DBus_Same_User which is explicitly "use the normal D-Bus
>   mechanisms to determine that it's the same user".

I vote for the way of the reinterpretation. In hindsight, it'd probably have
been better to have separate access control enums in StreamTube and DBusTube,
but as they're shared (also with FT), I favor the way where there are the
fewest values specific to DBus tubes. The Credentials notion isn't too far off
from what S_A_C_DBus_Same_User would be, the difference mostly being that the
dbus transport library implements the credential passing for you.

-- 
Configure bugmail: https://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA Contact for the bug.
You are the assignee for the bug.