Potential security issue?

Simon McVittie simon.mcvittie at collabora.co.uk
Fri Feb 27 05:18:15 PST 2009

On Fri, 27 Feb 2009 at 17:27:17 +0800, Halton Huo wrote:
> $ls -l /tmp/dbus-*
> srwxrwxrwx   1 halton   other 0 Feb 17 17:25 /tmp/dbus-kJszTkgcj1
> Here 777 means everyone can control my dbus socket file.

This is not actually true: the dbus-daemon does its own access control checks,
normally using Unix socket credential-passing, and will reject connections
from other users (controversially, even root!) if the uid doesn't match.

Some Unix systems (notably, older versions of Solaris/SunOS, and BSD <= 4.3)
do not respect sockets' filesystem permissions (and always behave as though
they were 777), so they cannot be relied on for security.

Linux happens to be a system where filesystem permissions *are* respected;
however, D-Bus on Linux usually uses "abstract sockets" that do not appear
in the filesystem, meaning that dbus-daemon can't rely on filesystem
permissions there either.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 155 bytes
Desc: Digital signature
Url : http://lists.freedesktop.org/archives/dbus/attachments/20090227/19395cd0/attachment.pgp 

More information about the dbus mailing list