The Plan for CVE-2008-4311
Colin Walters
walters at verbum.org
Tue Jan 13 12:06:26 PST 2009
On Tue, Jan 13, 2009 at 2:14 PM, Colin Walters <walters at verbum.org> wrote:
>
> Well, if you look at the current system bus policy, it does not use
> <deny> except for one special case relating to
> SetActivationEnvironment[1]. Let me just paste it here:
And the missing footnote is:
[1] And I'd say we should change this to be an explicit <allow> list
for every bus method we want to expose.
More information about the dbus
mailing list