where is dbus 1.2 ?

Havoc Pennington hp at pobox.com
Tue Feb 19 17:37:33 PST 2008


Hi,

On Feb 19, 2008 4:20 AM, Gavrie Philipson <gavrie at gmail.com> wrote:
> Would this be safe enough to leave in production code? According to the
> description of the dbus_connection_set_allow_anonymous function in the code, it
> applies only when ANONYMOUS is listed among the authentication mechanisms, which
> is not the case on production systems.
>

I think it is probably safe, but to be honest I'm not sure... I guess
keeping it separate from the auth mechanism list was just pedantic,
but maybe I had some reason for it.

Aside from security, there's the matter of workingness - I don't know
if the bus daemon code handles things correctly if connection_get_user
doesn't return a user.

So I would suggest looking over the codepaths that are involved. It's
probably slightly safer as well to set some type of flag when setting
up the auth mechanisms, and only allow_anonymous if there's an
anonymous auth mechanism.

Havoc
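
The flag suggested in the reply above, sketched as an added example that is not part of the original message and is not libdbus code. The struct and function names are hypothetical, and treating a NULL mechanism list as "ANONYMOUS not enabled" is an assumption of this model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical model of the suggestion, not libdbus code. */
struct server_policy {
    bool anonymous_mech_enabled; /* recorded once, when mechanisms are set */
};

/* mechs: NULL-terminated list of auth mechanism names.
 * Assumption: a NULL list means defaults, which do not include ANONYMOUS. */
static void policy_set_auth_mechanisms(struct server_policy *p,
                                       const char *const *mechs)
{
    p->anonymous_mech_enabled = false;
    if (mechs == NULL)
        return;
    for (size_t i = 0; mechs[i] != NULL; i++)
        if (strcmp(mechs[i], "ANONYMOUS") == 0)
            p->anonymous_mech_enabled = true;
}

/* What the server knows about a peer after the auth handshake. */
struct peer {
    bool authenticated;
    bool has_user; /* false when no user identity could be obtained */
};

enum verdict { REJECT, ACCEPT_USER, ACCEPT_ANONYMOUS };

/* allow_anonymous is what the application asked for; it only takes
 * effect when the ANONYMOUS mechanism was actually configured. */
static enum verdict policy_check_peer(const struct server_policy *p,
                                      bool allow_anonymous,
                                      const struct peer *peer)
{
    if (!peer->authenticated)
        return REJECT;
    if (peer->has_user)
        return ACCEPT_USER;
    /* Authenticated but no user: callers must handle this case explicitly. */
    if (allow_anonymous && p->anonymous_mech_enabled)
        return ACCEPT_ANONYMOUS;
    return REJECT;
}
```

Returning a distinct `ACCEPT_ANONYMOUS` verdict forces every caller to decide what to do with a connection that has no user, which is the "workingness" concern raised in the reply.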

