Accessing Session Bus through the superuser
Havoc Pennington
hp at pobox.com
Mon Mar 17 14:38:24 PDT 2008
Hi,

On Mon, Mar 17, 2008 at 5:19 PM, Avery Pennarun <apenwarr at gmail.com> wrote:
> But this is only a problem because they use a random name

Again, in /tmp you must use a random name.

ORBit does not use a random name in /tmp exactly, but what it does do
is challenging enough to understand (and I believe resulted in a
couple security errata) that I think it's plainly a bad model.

> decision made for other reasons that appear not to be actually valid
> after all. If the sockets used a non-random name (like every other
> unix-domain socket on my entire system),

The other sockets are not for per-user daemons, for the most part.
dbus does not use a random name for the system daemon either.

> on. I'm not sure dbus should cater to this (seemingly a bit
> imaginary) case.

It is not imaginary; avoiding sockets (and also fcntl lockfiles) in
the homedir is an explicit decision based on the real-world problems
gconfd had with putting lockfiles in the homedir. The problems
include: misconfigured or old NFS that doesn't support these things;
AFS; and SMB. The other problem is that you still need a per-machine
name, not a fixed name, though that problem is relatively easy to
solve.

In a perfect world, UNIX would have a /var/$USERNAME/run,
/var/$USERNAME/tmp, etc. for each user, owned by that user. But, the
world is not perfect.

In any case, allowing root to always connect is hardly difficult to
change in dbus-daemon, so I don't know what this conversation is
about. If we want uid 0 to always be allowed the patch is 1 line or
something.

Havoc
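
Added example, not part of the original message and not dbus-daemon code: one way to place a per-user listening socket under the world-writable /tmp, showing why the name there has to be unpredictable. The `example-bus-` prefix and both function names are made up for illustration.

```c
#define _DEFAULT_SOURCE 1   /* mkdtemp() and lstat() under strict -std= modes */
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Bind a listening socket inside a fresh 0700 directory under /tmp.
 * Fills `dir` with the directory path; returns the listening fd, or -1. */
int make_private_socket(char *dir, size_t dir_len)
{
    struct sockaddr_un addr = { .sun_family = AF_UNIX };
    int fd, n;

    if (snprintf(dir, dir_len, "/tmp/example-bus-XXXXXX") >= (int)dir_len)
        return -1;
    /* mkdtemp() picks an unpredictable name and fails instead of reusing an
     * existing entry, so another local user cannot pre-create the path. */
    if (mkdtemp(dir) == NULL)
        return -1;
    n = snprintf(addr.sun_path, sizeof addr.sun_path, "%s/socket", dir);
    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0 || n >= (int)sizeof addr.sun_path ||
        bind(fd, (struct sockaddr *)&addr, sizeof addr) < 0 || listen(fd, 8) < 0) {
        if (fd >= 0)
            close(fd);
        unlink(addr.sun_path);
        rmdir(dir);
        return -1;
    }
    return fd;
}

/* Check usable before connecting: a real directory, owned by us, mode 0700. */
int dir_is_private(const char *dir)
{
    struct stat st;
    return lstat(dir, &st) == 0 && S_ISDIR(st.st_mode) &&
           st.st_uid == geteuid() && (st.st_mode & 0777) == 0700;
}

int main(void)
{
    char dir[64];
    if (make_private_socket(dir, sizeof dir) < 0)
        return 1;
    printf("listening in %s (private=%d)\n", dir, dir_is_private(dir));
    return 0;   /* removal of the socket and directory left out here */
}
```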