Accessing Session Bus through the superuser
Avery Pennarun
apenwarr at gmail.com
Mon Mar 17 09:29:19 PDT 2008
On Mon, Mar 17, 2008 at 8:02 AM, Thiago Macieira <thiago at kde.org> wrote:
> I still don't know of any good use-case to allow the root user -- or any user
> for that matter -- to connect to a user's session bus. Besides, that always
> brings the questions: which users? And which busses?
I've run into this problem myself. My use case: testing stuff.
Sometimes, you're testing, and you're root, and you expect to be able
to do anything you want, and the session bus randomly doesn't work.
That's just weird. root can do anything; that's the standard rule of
Unix, and there's no advantage to breaking it here.
It's not like security is enhanced by this restriction. root can do
anything, so if root wants, root can seteuid() to the "correct" user,
connect successfully, and seteuid() back to root again. So all this
has done is create an inconvenience for legitimate users instead of
blocking illegitimate users.
Since the session bus security model is so simple (correct uid == ok,
incorrect uid == not ok), dbus-daemon might as well just use pure
socket-level security to prevent access by unauthorized users on the
session bus. That would be one *less* place for a security hole:
unauthorized users would be blocked at the kernel level, and
dbus-daemon would never have to know, *and* a useful error code would
be returned when someone unauthorized tried to connect. Right now, it
just disconnects silently, making diagnosis very difficult. I
personally and several of my friends have been bitten by this. If you
haven't seen it before, it can take a long time to diagnose.
Have fun,
Avery
More information about the dbus
mailing list