Is SHA1 cookie authentication broken?

Havoc Pennington hp at redhat.com
Fri Aug 25 15:26:49 PDT 2006


Hi,

I think it is broken for the system daemon (that's why it isn't in the 
default config file for the system daemon, also credentials are probably 
more secure). The session daemon uses it though.

> NetBSD lacks socket credentials which prevents D-Bus to work
> appropriately when connecting to the system daemon:

Are you sure there's no way at all to get credentials from a socket in 
netbsd? Most systems have some kind of way, a couple are supported in 
dbus-sysdeps.c already.

> Am I right in the items above?  I have some local changes that fix
> both items (test suite still not passes though).  It may be also worth
> to make the sha1 cookie mechanism optional at build-time so that the
> daemon can really drop all privileges when this authentication
> procedure is not needed.

I think you're right that sha1 cookie doesn't work with the system 
daemon. For creating the cookie in homedirs, probably either the daemon 
needs more privileges or we'd have to write some kind of slave process 
that had more.

For file ownership, seems right to just set it properly, though I 
haven't thought through possible race-condition-based attacks between 
writing the file and changing its permissions, there may be some.

For the system daemon credentials are much preferred on any system that 
has them though...

Havoc



More information about the dbus mailing list