Potential security issue?
Simon McVittie
simon.mcvittie at collabora.co.uk
Fri Feb 27 05:18:15 PST 2009
On Fri, 27 Feb 2009 at 17:27:17 +0800, Halton Huo wrote:
> $ls -l /tmp/dbus-*
> srwxrwxrwx 1 halton other 0 Feb 17 17:25 /tmp/dbus-kJszTkgcj1
>
> Here 777 means everyone can control my dbus socket file.
This is not actually true: the dbus-daemon does its own access control checks,
normally using Unix socket credential-passing, and will reject connections
from other users (controversially, even root!) if the uid doesn't match.
Some Unix systems (notably, older versions of Solaris/SunOS, and BSD <= 4.3)
do not respect sockets' filesystem permissions (and always behave as though
they were 777), so they cannot be relied on for security.
Linux happens to be a system where filesystem permissions *are* respected;
however, D-Bus on Linux usually uses "abstract sockets" that do not appear
in the filesystem, meaning that dbus-daemon can't rely on filesystem
permissions there either.
Simon
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 155 bytes
Desc: Digital signature
Url : http://lists.freedesktop.org/archives/dbus/attachments/20090227/19395cd0/attachment.pgp
More information about the dbus
mailing list