Missing user bus?
Robert McQueen
robert.mcqueen at collabora.co.uk
Sat Sep 24 15:32:41 PDT 2005
On Sat, Sep 24, 2005 at 05:25:07PM +0200, Jakub Piotr Cłapa wrote:
> The system bus could spawn a per-user bus daemon and then advertise it's
> UNIX domain socket address (in the abstract namespace). The standard (as
> in the session bus) authentication rules would then be used. The only
> problem I can think of is the system bus running as root and spawning
> user processes...
This is the problem I was alluding to. Maybe it would be better to just
create a service on the system bus that acted as a registry for user
buses, and have the library start a user bus daemon if there isn't one,
then register its socket address. Then the system bus doesn't need to
have any priveleged operations, but we allow persistent bus daemons to
be located later on. Given we can do unix user authentication pretty
easily, this could avoids the security issues with trying to do
something like /tmp/dbus-user (am I right in thinking the potential
problem is a symlink attack? could you avoid it by mkdir a random
directory then rename() it?).
> --
> Regards,
> Jakub Piotr Cłapa
Regards,
Rob
More information about the dbus
mailing list