Tracking users/sessions on the console

Havoc Pennington hp at redhat.com
Sun Jan 29 13:09:46 PST 2006


On Sun, 2006-01-29 at 10:24 +0000, Matthew Johnson wrote:
> Does the address contain any secrets, or is the access control model
> based on who owns the socket and can write to it?

Neither - the access control is based on authentication after you have
already connected to the socket. On Linux, abstract sockets are used so
there aren't any file ownership/permissions. The default auth mechanism
is to just read the uid of the peer on the socket, but on systems
without that feature or over TCP, there's also a shared secret stored in
the home directory.

The bus address probably does provide a little extra "security through
obscurity" making attacks more annoying to execute, but no real
security.

Havoc




More information about the dbus mailing list