Is SHA1 cookie authentication broken?
Havoc Pennington
hp at redhat.com
Sat Aug 26 15:59:10 PDT 2006
Hi,
Some partial comments -
- it's a bit gross that bus.c special-cases the sha1 mechanism, would be
better if there were some way to ask the auth stuff if it needs
superuser, and then have a flag needs_superuser in the implementation of
each auth mechanism
- I think a (setuid?) slave process is a fundamentally better approach
since it avoids having to keep privileges for the whole bus; having the
bus become less secure due to adding an auth mechanism is just kind of odd
- _dbus_abort should be for a bug in the app, use just _dbus_exit(1) for
an error in config, etc.
- maybe using open() to create the file with the right permissions
initially would be good, as Daniel mentions
I think it might be better to simply disallow SHA1 if the bus is running
as a user different from the current user?
Havoc
More information about the dbus
mailing list