Accessing Session Bus through the superuser
Avery Pennarun
apenwarr at gmail.com
Mon Mar 17 11:12:57 PDT 2008
On Mon, Mar 17, 2008 at 1:10 PM, Thiago Macieira <thiago at kde.org> wrote:
> Not really. It prevents you from accidentally running an application as root
> and accessing your shared resources in your session. The application running
> as root would create files that the user cannot later modify.
But why is it dbus's job to do this? If we want to prevent the user
from running applications as root, surely that's an application-level
decision.
> But, as you say, it's very easy to circumvent for legitimate uses. So I'd
> rather keep the extra action necessary, to keep people from using it
> accidentally.
At the very least, an error message would be a huge help.
> > Since the session bus security model is so simple (correct uid == ok,
> > incorrect uid == not ok), dbus-daemon might as well just use pure
> > socket-level security to prevent access by unauthorized users on the
> > session bus.
>
> There's no such protection in abstract sockets. That's the whole reason why
> the check was introduced in the first place.
Perhaps that's why nobody else uses abstract sockets for anything.
The world has worked pretty smoothly for years with X11 and syslog
sockets being concrete, for example. I'm not sure what the advantage
of abstract sockets is supposed to be.
Have fun,
Avery
More information about the dbus
mailing list