Anonymous auth method is broken

Havoc Pennington hp at
Sun Feb 1 13:21:56 PST 2009


On Sun, Feb 1, 2009 at 4:17 PM, Schmottlach, Glenn
<glenn.schmottlach at> wrote:
> So, it boils down to the fact that I'm inherently lazy. I have a reference dbus-daemon implementation that does 99.9% of what I want it to do. The 0.1% that is missing is being able to TCP/IP into the daemon. I'd rather not write a completely new daemon to implement this functionality. It's unfortunate that this feature could not be added but disabled by default (via the configuration file) to eliminate the obvious security hole. I'm sure I wouldn't be the only embedded developer who would appreciate this feature on the reference implementation.

A config flag <allow_anonymous/> with docs in 'man dbus-daemon' saying
that it is (obviously) insecure makes some sense to me, if it's just a
debug feature.
It looks like the patch on the bug already does this  (well, minus
docs). Does that patch work for you guys?

Someone said on the bug that it does not seem to work:
Anyway, so that may need some debugging. I would add any fixes to the
patch or observations on whether it works as comments on the bug:


More information about the dbus mailing list