Security concerns on the Windows DBUS port
Ralf Habacker
ralf.habacker at freenet.de
Sat Apr 7 03:35:48 PDT 2007
Fan Wu schrieb:
> Hi all,
>
> I have couple of concerns on the Windows DBUS port. I've tried digging
> into the archive but haven't found answers to my questions.
>
> I think the current windbus implementation using TCP socket is mainly
> because it's hard to find a counterpart of Unix domain socket in
> windows. But the problems with TCP socket are
>
> 1) possible conflict with personal firewall
>
> One of the projects I worked on used TCP socket of localhost for IPC,
> and there are many cases that firewall has caused our products
> useless. The percentage is small but the sheer number is large due to
> the large installation base.
There was a try to implement named pipes see
http://webcvs.freedesktop.org/dbus/dbus/README.win?view=markup
".. there are some efforts to get named pipe running, but some
design problems of the win32 api, we are not able to solve without
bigger changes to the dbus code base let us stop this effort."
> 2) how do you know the client is telling the truth about the user
> credential (sid)?
>
> With Unix domain socket the OS is making sure the credentials passed
> thru the socket is right (not faked). With TCP socket you are not
> getting such help from the OS and you can't be sure the other end of
> the transport is using libdbus to talk to you. So it's possible a
> rogue application may use its own client side dbus implementation to
> spoof a legitimate user.
>
> I'm not arguing DBUS shall fend against the case when the whole
> machine has been 0wned, but I do expect the authentication in DBUS can
> raise the bar higher.
The recent windows implementation has a kind of autolaunch support by
using a shared memory area, in which the dbus-daemon stores his
connection informations. See
http://webcvs.freedesktop.org/dbus/dbus/dbus/dbus-sysdeps-win.c?view=markup
for more informations.
There related functions are
_dbus_daemon_init(), _dbus_daemon_release(), which handles the shm area
on the server side and
_dbus_get_autolaunch_shm() which retrieves the related informations for
the client side.
I haven't written the implementation but this feature may be used to
secure the tcp connection.
Patches are welcome.
Regards
Ralf
More information about the dbus
mailing list