Anonymous auth method is broken
Havoc Pennington
havoc.pennington at gmail.com
Sat Jan 31 12:08:23 PST 2009
Hi,
Here is the bug:
http://bugs.freedesktop.org/show_bug.cgi?id=15393
There's lots of past discussion on this:
http://lists.freedesktop.org/archives/dbus/2007-November/009000.html
http://lists.freedesktop.org/archives/dbus/2007-November/009001.html
http://lists.freedesktop.org/archives/dbus/2008-August/010209.html
http://lists.freedesktop.org/archives/dbus/2008-August/010208.html
http://lists.freedesktop.org/archives/dbus/2008-July/010176.html
http://lists.freedesktop.org/archives/dbus/2008-August/010212.html
Nothing has really changed....
The fundamental thing to know is that ANONYMOUS with dbus-daemon has
never been intended to work; the anonymous mechanism was created for
people writing custom, non-dbus-daemon servers with the DBusServer
API.
So ANONYMOUS with dbus-daemon is simply not implemented, not thought
through, and does not exist. It doesn't make any sense in the intended
uses of dbus-daemon (system and session bus), it's only useful for
people "abusing" dbus-daemon for random stuff, so I don't have much
understanding of how to evaluate this issue, and I don't expect the
current dbus maintainers will fix it themselves. It's something
someone who has a use for this is going to need to explain the
use-cases for and iterate the patch until it gets in.
Havoc
More information about the dbus
mailing list