Accessing Session Bus through the superuser

Havoc Pennington hp at pobox.com
Mon Mar 17 11:58:39 PDT 2008


Hi,

On Mon, Mar 17, 2008 at 2:21 PM, Avery Pennarun <apenwarr at gmail.com> wrote:
>
>  It took an awfully long time to invent them, then.  The tradeoff seems
>  to be having to remember to unlink() the file,

It's not about remembering to unlink, it's unlinking period. There is
no robust way to be sure the unlink occurs; if the server process is
killed, the kernel does not clean up the socket on the filesystem.

D-Bus comes with a "dbus-cleanup-sockets" that can be run in a cron
job, but, _lame_. Old-style sockets are just sucky if the socket
doesn't have a fixed name. (It can't have a fixed name or there's a
DoS where someone else creates the per-user name before the user does;
the socket has to be in /tmp since homedirs are often on NFS and thus
can't have sockets.)

>  vs. having to implement
>  your own security to duplicate what the kernel already does.  I'm not
>  sure abstract sockets made the right tradeoff here, especially if
>  non-Linux systems using DBus have to use something else anyway.

It's wrong to think all dbus is doing is replicating the kernel
security check. The bus daemon needs to know the UID, not just know
that the kernel allowed someone to connect, in order to apply dbus
security policies. Moreover, dbus already had to implement auth in
order to support TCP.

Havoc

