Is SHA1 cookie authentication broken?

Havoc Pennington hp at redhat.com
Sat Aug 26 15:59:10 PDT 2006


Hi,

Some partial comments -

- it's a bit gross that bus.c special-cases the sha1 mechanism, would be 
better if there were some way to ask the auth stuff if it needs 
superuser, and then have a flag needs_superuser in the implementation of 
each auth mechanism

- I think a (setuid?) slave process is a fundamentally better approach 
since it avoids having to keep privileges for the whole bus; having the 
bus become less secure due to adding an auth mechanism is just kind of odd

- _dbus_abort should be for a bug in the app, use just _dbus_exit(1) for 
an error in config, etc.

- maybe using open() to create the file with the right permissions 
initially would be good, as Daniel mentions

I think it might be better to simply disallow SHA1 if the bus is running 
as a user different from the current user?

Havoc
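
Added example, not part of the original message or the D-Bus code base: the open() point from the list above, sketched in C. The helper name create_private_file and the /tmp path are hypothetical; the file is created owner-only in a single open() call, so there is no interval in which it exists with wider permissions, unlike creating it first and calling chmod() afterwards.

```c
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not a D-Bus function): create `path` owner-only from
 * the first instant and write `len` bytes. Returns 0, or -1 with errno set. */
static int create_private_file(const char *path, const void *data, size_t len)
{
    struct stat st;
    const char *p = data;
    int fd, saved;

    /* O_EXCL fails if anything, even a symlink, already exists at path.
     * Mode 0600 applies at creation; umask can only remove bits. */
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    /* Verify via the descriptor, not the path, to avoid a check/use race. */
    if (fstat(fd, &st) < 0)
        goto fail;
    if (!S_ISREG(st.st_mode) || st.st_uid != geteuid() ||
        (st.st_mode & (S_IRWXG | S_IRWXO)) != 0) {
        errno = EPERM;
        goto fail;
    }
    while (len > 0) {
        ssize_t n = write(fd, p, len);
        if (n < 0 && errno == EINTR)
            continue;
        if (n < 0)
            goto fail;
        p += n;
        len -= (size_t)n;
    }
    return close(fd);
fail:
    saved = errno;
    close(fd);
    unlink(path);
    errno = saved;
    return -1;
}

int main(void)
{
    /* Constructed path and contents, for illustration only. */
    unlink("/tmp/added_example_cookie");
    return create_private_file("/tmp/added_example_cookie", "constructed", 11) ? 1 : 0;
}
```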


