DBus for RMI

Matthew Johnson dbus at matthew.ath.cx
Mon Sep 3 09:43:54 PDT 2007


On Mon Sep 03 18:03, Sven Herzberg wrote:
> Hey guys,
> 
> I'd work on a small project and two apps (on different hosts) are
> supposed to exchange some data. I thought I'd implement it like this,
> please tell me if you think this is a reasonable approach:
> 
> 1. When one app goes into receiving mode it starts a dbus-daemon on a
> local tcp port.
> 2. It announces the open port via avahi (service-discovery, etc.).
> 3. The sending app will see the new service and connect to it

This seems like a reasonable approach but:

> 4. As DBus doesn't do any network-related security (TLS,
> authentication), I'll implement a small pin-based login (similar to the
> pairing process of bluetooth - that will satisfy the security needs for
> this app).
> 
> 5. After this login, the client can call methods on remote objects
> (sending data, triggering some calculations, receiving data back).

Between steps 4 and 5 the attacker injects packets to call a different
method. There is nothing in TCP to prevent this. Or they snoop the PIN.
Either you have to trust the network (in which case any authentication
is pointless) or you need to run it all over TLS. There is no direct TLS
support in D-Bus (yet), but you could use something like stunnel to
create a secure tunnel for the D-Bus connection, then have a shared
secret authentication to authenticate the end points (the TLS is used to
ensure that the person who authenticated is the only person who can send
traffic to that socket).

Matt

--
www.matthew.ath.cx
D-Bus Java
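
One way to lay out the stunnel tunnel suggested in the reply above, as an added example that is not part of the original message or of the D-Bus project. The port numbers, file paths, the host name receiver.local and the out-of-band distribution of the CA file are assumptions; the option names are those of stunnel 5.x, and the two sections belong in two separate files, one per host.

```ini
; ===== Receiving host: dbus-server.conf (file name is an assumption) =====
; The dbus-daemon started for receiving mode listens on loopback only,
; with a listen address such as:
;   tcp:host=127.0.0.1,port=55555
; so the plaintext D-Bus port is never reachable from the network.
[dbus-tls-server]
client = no
; TLS port that gets announced via Avahi (constructed value)
accept = 0.0.0.0:55556
; Decrypted traffic is handed to the local dbus-daemon
connect = 127.0.0.1:55555
; Server certificate and private key (paths are assumptions)
cert = /etc/stunnel/receiver-cert.pem
key = /etc/stunnel/receiver-key.pem

; ===== Sending host: dbus-client.conf (file name is an assumption) =====
; The sending app connects to the local end of the tunnel using:
;   tcp:host=127.0.0.1,port=55555
[dbus-tls-client]
client = yes
accept = 127.0.0.1:55555
; Host and port learned from the Avahi announcement (constructed values)
connect = receiver.local:55556
; Verify the receiver's certificate; without these three lines the
; tunnel is encrypted but the peer is not authenticated, and a
; machine in the middle can terminate the TLS session itself.
CAfile = /etc/stunnel/receiver-ca.pem
verifyChain = yes
checkHost = receiver.local
```

The PIN or shared-secret login from step 4 then runs inside this tunnel, so the secret is not visible on the wire and the TLS session ties all later method calls to the endpoint that authenticated.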