Security concerns on the Windows DBUS port
Havoc Pennington
hp at redhat.com
Sun Apr 8 22:48:38 PDT 2007
Fan Wu wrote:
> all truthful authentication relies on the help of the OS, be it
> credentials passed in unix domain socket, or SHA1_COOKIE. For
> SHA1_COOKIE, it relies on the fact that the OS protects the access of
> an user's home directory by other non-root users. But the problem with
> SHA1_COOKIE is that a process' user account might not have a home
> directory, or the home directory is not private, like the nobody in
> Unix and LocalSystem in windows. In these cases you might not be able
> to use SHA1_COOKIE at all.
>
Surely there is *some* way to do authentication on Windows. I'm guessing
there are dozens. My point is, whatever that way is, the dbus port can
use it; just add a new authentication mechanism. For example you could
do basically the same thing as the cookie auth, but using somewhere
other than the homedir to store the cookie, wherever Windows is
guaranteed to keep it private.
If it isn't clear, the Windows port is not supposed to be finished yet.
If you can help get it finished everyone would be excited to welcome you
to the team ;-)
Havoc
More information about the dbus
mailing list