question on <auth> and .dbus_keyrings

Waldo Bastian bastian at
Sun Jun 25 11:44:18 PDT 2006

On Saturday 24 June 2006 12:14, Havoc Pennington wrote:
> I was looking at the comment at policy.c:457 , looking again the code
> right after the comment does not do what the comment says ;-)
> According to cvs history the code and the comment were in the same
> patch, so who knows what we intended...

I think it makes sense to say that, as a matter of policy, the system bus 
should be used for anything that crosses privilege boundaries. I think it 
also make sense to keep the current code as is and update the comment, since 
it doesn't seem to have bitten anyone so far that root can't connect to the 
session bus.

The disadvantage is that you can't run an arbitrary program as root and tell 
it to connect to an existing session bus, but from a security pov that is 
probably better anyway.

Linux Client Architect - Channel Platform Solutions Group - Intel Corporation
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
Url :

More information about the dbus mailing list