Anonymous auth method is broken

Havoc Pennington hp at pobox.com
Sun Feb 1 13:21:56 PST 2009


Hi,

On Sun, Feb 1, 2009 at 4:17 PM, Schmottlach, Glenn
<glenn.schmottlach at harman.com> wrote:
> So, it boils down to the fact that I'm inherently lazy. I have a reference dbus-daemon implementation that does 99.9% of what I want it to do. The 0.1% that is missing is being able to TCP/IP into the daemon. I'd rather not write a completely new daemon to implement this functionality. It's unfortunate that this feature could not be added but disabled by default (via the configuration file) to eliminate the obvious security hole. I'm sure I wouldn't be the only embedded developer who would appreciate this feature on the reference implementation.

A config flag <allow_anonymous/> with docs in 'man dbus-daemon' saying
that it is (obviously) insecure makes some sense to me, if it's just a
debug feature.
It looks like the patch on the bug already does this (well, minus
docs). Does that patch work for you guys?

Someone said on the bug that it does not seem to work:
http://lists.freedesktop.org/archives/dbus/2008-November/010632.html
Anyway, so that may need some debugging. I would add any fixes to the
patch or observations on whether it works as comments on the bug:
http://bugs.freedesktop.org/show_bug.cgi?id=15393

Havoc

