where is dbus 1.2 ?
Sergey Struzh
sergeystruzh at gmail.com
Wed Jan 9 13:51:39 PST 2008
Hi Havoc,
Back to the old thread...
Attached please find the patch to the dbus-daemon that enables using
ANONYMOUS auth mechanism in case the conf file enables it. You were right
the change is pertty simple; I tested it both against dbus-1.1.2 and latest
git repository - it seems to work well. I would appreciate if you include
this patch in the coming 1.2.0 release.
One issue of your possible concern may be that patched daemon will allow
ANONYMOUS connections if its conf file doesn't specify ANY auth mechanism
(which is the case for a default session.conf in ubuntu ditros for instance)
- so this might be a potencial security hole.
Couple of words regarding my rational to use ANONYMOUS auth mechanism - my
plan is to use dbus in my project (which is ARM based embedded device
running Linux) as central mean of IPC (daemon + various modules exposing
their API on it; c++ bindings) . TCP transport will only be used for testing
purposes ( e.g. invocation of various APIs from remote PC - testing server -
using test scripts written in Python) and only in clean environment - that's
why I don't really care of the security and ANONYMOUS is basically great for
me.
P.S. generous credits for actually producing the patch should go to Mr.
Andrey Olkhovik who happens to work under my guidance.
On 11/27/07, Havoc Pennington <hp at redhat.com> wrote:
>
> Hi,
>
> Sergey Struzh wrote:
> > So now my question is whether it was thought through already or when (if
>
> > ever) you're planning to do so? Is it your roadmap?
> >
>
> Not right now. What I mean by "thought through" is for example, I don't
> know why you would want a bus daemon that allowed anonymous access. So
> step one in thinking it through is to describe (on this list) some of
> the use-cases. Then we could talk about how to add the feature (which
> would presumably be pretty simple, just have the bus daemon call
> set_allow_anonymous() if ANONYMOUS is one of the auth mechanisms, or
> something).
>
> If the feature appears useful and we talk about how to add it, the
> remaining step would be for a volunteer to write a patch (which should
> be a very simple patch).
>
> For the system and session bus, I don't know why ANONYMOUS would be
> useful - so I am guessing you are using the bus daemon for some other
> custom purpose, with a custom config file?
>
> Havoc
>
>
>
--
Regards,
Sergey
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freedesktop.org/archives/dbus/attachments/20080109/293ccf97/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dbus-daemon-support-anonymous-patch.diff
Type: text/x-patch
Size: 728 bytes
Desc: not available
Url : http://lists.freedesktop.org/archives/dbus/attachments/20080109/293ccf97/attachment.bin
More information about the dbus
mailing list