Accessing Session Bus through the superuser

Thiago Macieira thiago at kde.org
Mon Mar 17 13:59:54 PDT 2008


Avery Pennarun wrote:
>This is true of any temporary file used by any program.  It's simple
>to just delete the file next time the program starts.

You forgot that the session bus's socket is a random name. The next time
it runs, it won't know of the old name. So it won't remove it.

So they always accumulate.

The system bus's socket works like you describe.

>It's easy to tell if a socket file is still in use or not by trying to
>connect to it: if the listener is dead, you get ECONNREFUSED, so it's
>safe to delete the file.  (There is a slight race condition here if
>you're not careful, if multiple copies of the daemon are started
>simultaneously.)

Moot point.

>>  D-Bus comes with a "dbus-cleanup-sockets" that can be run in a cron
>>  job, but, _lame_. Old-style sockets are just sucky if the socket
>>  doesn't have a fixed name. (It can't have a fixed name or there's a
>>  DOS where someone else creates the per-user name before the user
>> does; the socket has to be in /tmp since homedirs are often on NFS and
>> thus can't have sockets.)
>
>This was news to me so I checked to make sure: at least on Linux 2.6,
>NFS-mounted folders *can* contain unix domain sockets.  I just tried
>it now, and it's fine.  I'm pretty sure it's been fine for a long
>time, as implementing it would likely be harder than not implementing
>it.  (Of course you can't talk from one computer to another just
>because your unix-domain socket is nfs-mounted.  That would be magic.
>But creating an inode with a particular mode is easy, and that's all a
>unix domain socket really is on the filesystem.)

The fact that your Linux NFS client allows sockets doesn't mean the NFS 
server does. Or if you're not using a Unix-style filesystem for your home 
(I know some people use SMB for their homes; questionable, but still 
exists).

>The dbus system bus uses uid-based authentication, but authorizes
>different users to do different things, so the more complex behaviour
>is desirable.  (Ironically, the system bus uses concrete unix sockets,
>not abstract ones, at least on Ubuntu.  Also ironically, this is
>probably because of the useful filesystem-level security enforcement
>of concrete unix sockets, used here to prevent non-root from listening
>on that address.)

And you forgot the cleanup: the system bus always listens on the same 
socket. So cleaning up after it crashed or after a power failure is easy.

>The session bus actually implements a completely different third
>security policy using a third type of socket.

And on Windows it uses named pipes instead of sockets.

-- 
  Thiago Macieira  -  thiago (AT) macieira.info - thiago (AT) kde.org
    PGP/GPG: 0x6EF45358; fingerprint:
    E067 918B B660 DBD1 105C  966C 33F5 F005 6EF4 5358
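
The connect-and-check-ECONNREFUSED probe discussed in this thread, written out as an added example that is not part of the original message and is not D-Bus code. The function names and the `bus-` file prefix are made up for the illustration, and the directory contents are constructed.

```python
import os
import socket
import stat
import tempfile

def probe(path):
    """Classify one directory entry as 'live', 'stale' or 'skip'."""
    try:
        if not stat.S_ISSOCK(os.lstat(path).st_mode):
            return "skip"                  # not a socket inode: leave it alone
    except FileNotFoundError:
        return "skip"                      # vanished while we were scanning
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        s.connect(path)
        return "live"                      # a listener accepted the connection
    except ConnectionRefusedError:
        return "stale"                     # ECONNREFUSED: nobody is listening
    except OSError:
        return "skip"                      # e.g. EACCES: cannot tell, keep it
    finally:
        s.close()

def cleanup(directory, prefix):
    """Unlink stale sockets whose name starts with prefix; return their names."""
    removed = []
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if name.startswith(prefix) and probe(path) == "stale":
            os.unlink(path)                # not atomic with the probe (the race)
            removed.append(name)
    return removed

def demo():
    """Constructed scenario: one live listener, one dead one, one plain file."""
    with tempfile.TemporaryDirectory(dir="/tmp") as d:   # keep sun_path short
        live = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        live.bind(os.path.join(d, "bus-live"))
        live.listen(1)
        dead = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        dead.bind(os.path.join(d, "bus-dead"))
        dead.close()                       # simulated crash: file is left behind
        open(os.path.join(d, "bus-notes.txt"), "w").close()
        removed = cleanup(d, "bus-")       # "bus-" is a made-up prefix
        live.close()
        return removed, sorted(os.listdir(d))

if __name__ == "__main__":
    print(demo())
```

Only the socket file whose listener is gone is removed; the live socket and the regular file sharing the prefix are left in place.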