hp at redhat.com
Mon Sep 18 13:07:17 PDT 2006
Derek Ditch wrote:
> Hi, I'm new here, but just wanted to point out a possible problem with this
> approach (which may already be obvious, if so, I apologize). By setting the
> uid to 1 and just assuming the console user, you break the use-case where
> someone may want to run a terminal server with multiple sessions of a
> particular app (say using KOffice when it is released w/ KDE4). If everyone
> on the system effectively has the same uid to dbus, then anyone will be able
> to access the IPC of all the other users.

The uid of 1 should not escape outside a single dbus process; it would
just be an internal token to indicate "authenticated as the same user as
the current bus process", i.e. (1 == _dbus_getuid()).

A bus using this hack would not allow anyone to connect except the owner
of the bus process, i.e. it only works for the per-user-session bus.