An issue with group based <policy> in dbus daemon
Havoc Pennington
hp at pobox.com
Mon Aug 4 06:05:30 PDT 2008
Hi,

On Mon, Aug 4, 2008 at 4:06 AM, Markku Savela <msa at moth.iki.fi> wrote:
> I thought this was actually checking against the *current* client
> process supplementary groups. However, it basically only checks against
> static /etc/groups information based on the client process UID.

Slightly worse even, it has to cache that info so it checks against a
potentially stale version of it ...

> - should I just redefine the <policy group=..> semantics, or do we
> need the new keyword, like "dgroup" or something?

Until the kernel patch is in upstream kernel, we probably wouldn't
take this patch in upstream dbus, so it's a little academic ...

Thinking about it, I'm not sure we'd take this as the new
implementation of group= anyway, since it would not work on other
platforms besides Linux. So doing it as dynamic_group or the like
would most likely be simplest. (I would not abbreviate ... maybe
there's a clearer name than dynamic_group, not sure I can think of one
though)

Havoc
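
The distinction discussed in this thread, as an added example that is not dbus code and not part of the original mail: it compares the groups the kernel holds for the running process with the groups the account database lists for that process's UID. The name `gid_diff` and the 256-entry buffers are assumptions of this example.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Return 1 if gid is present in list[0..n). */
static int has_gid(const gid_t *list, int n, gid_t gid) {
    for (int i = 0; i < n; i++)
        if (list[i] == gid) return 1;
    return 0;
}

/* Copy into out the distinct gids that are in a[] but not in b[]; return the count. */
int gid_diff(const gid_t *a, int na, const gid_t *b, int nb, gid_t *out) {
    int k = 0;
    for (int i = 0; i < na; i++)
        if (!has_gid(b, nb, a[i]) && !has_gid(out, k, a[i]))
            out[k++] = a[i];
    return k;
}

int main(void) {
    gid_t proc[256], db[256], only[256];
    int ndb = 256;

    /* Groups the kernel holds for this process right now (plus effective GID). */
    int nproc = getgroups(255, proc);
    if (nproc < 0) { perror("getgroups"); return 1; }
    proc[nproc++] = getegid();

    /* Groups the account database lists for this process's UID. */
    struct passwd *pw = getpwuid(getuid());
    if (!pw) { fprintf(stderr, "no passwd entry for uid\n"); return 1; }
    if (getgrouplist(pw->pw_name, pw->pw_gid, db, &ndb) < 0) {
        fprintf(stderr, "more than 256 groups\n"); return 1;
    }

    int n = gid_diff(proc, nproc, db, ndb, only);
    for (int i = 0; i < n; i++)
        printf("held by process, not in database: %u\n", (unsigned)only[i]);
    n = gid_diff(db, ndb, proc, nproc, only);
    for (int i = 0; i < n; i++)
        printf("in database, not held by process: %u\n", (unsigned)only[i]);
    return 0;
}
```

Any line it prints marks a group for which a check based on the UID's database entry and a check based on the process's own credentials would give different answers.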