New SE-DBUS patch
Colin Walters
walters at redhat.com
Sat Jun 26 09:57:19 PDT 2004
On Sat, 2004-06-26 at 01:33 -0400, Havoc Pennington wrote:
> On Fri, 2004-06-25 at 15:23, Colin Walters wrote:
> > Eek. In that case, barring SE-X, there isn't any way to reliably get a
> > security context - since the X server is acting as an intermediary,
> > correct?
>
> Yep, absolutely.
>
> The good news is that we expect to use only UNIX domain sockets for
> talking to the systemwide bus. This kind of issue would only apply to
> the session bus. We have the same problem with e.g. a TCP socket I would
> think (we can't have a context for one of those, right?)
At the moment, yeah. The NSA did have some work on labeled networking,
but it was rejected for inclusion in the Linux mainline. I think
that'll eventually be picked up again, and we'll then have a way to get
a security context from a TCP socket too.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://freedesktop.org/pipermail/dbus/attachments/20040626/c6eaa197/attachment-0001.pgp
More information about the dbus
mailing list