Issues while using DBUS over TCP

Schmottlach, Glenn GSchmott at harmanbecker.com
Wed Aug 6 11:39:29 PDT 2008


> The two use-cases that current TCP support has been written for are:

> * to share the session bus when a user is logged into two machines
> sharing a home directory via a networked filesystem
> * to write a custom DBusServer (NOT a dbus-daemon) that accepts
> anonymous connections

> Nobody has coded support for "have a custom dbus-daemon exported over
> tcp"

Understood.

Perhaps I need to step back a bit. I'm building a Linux-based embedded
box. The only network this box will be on is a "closed" network (e.g. no
worries about firewalls, NAT, etc...). If I want to make this box appear
as a web-service I'd use SOAP, XML-RPC, CORBA, a REST-ful provider, or
one of the other frameworks geared for deploying services in-the-large
(e.g. outside of a local LAN). DBus (the daemon in particular) would be
used within the target platform as a communications conduit between
local services (media players, Bluetooth services, HMI, USB services,
etc...). Of course, what would be nice is to divide each one of these
components into separate processes that advertise services to the daemon
as well as signal various events (typical pub-sub architecture). I think
these uses fall under the umbrella of intended uses for DBUS.

As you probably know, debugging and/or testing a target device can be
tough. I'd love to sit on my development PC and write some scripts in
Python that talk to my target device and receive various events from the
DBUS daemon. This "development" pathway would be "turned-off" or hidden
in some way prior to shipping the product. It's only intended to be used
for internal development on a closed network. So, in this kind of
environment, it would be "ok" to statically assign known credentials to
an anonymous user that arrived at the daemon over TCP (e.g. the user
would be assumed to be *the* remote user and be using a pre-configured
remote user account). So, would there be a way to hack up dbus-auth.c to
assign some pre-canned credentials to an anonymous user? So instead of
clearing all the user credentials, substitute some known ones (or
perhaps, pass a "user" id/name with the anonymous connection that could
be used to look-up credential information)? Again, security is not the
concern here and not necessarily the problem that is being addressed. I
just don't want to "crash" the daemon with a connection that lacks
credentials since you say this has never really been tested.

Can you suggest where/how such a hack might be introduced (e.g.
somewhere to look in the code and any possible mechanisms that might
support this)? 
 

