Passing sensitive data over D-Bus
nalimilan at club.fr
Sat Nov 7 06:03:54 PST 2009
In the system-tools-backends/gnome-system-tools, we have long been
encrypting user passwords before sending them over the bus from the GUI
to the privileged backends. But this raises several problems since we're
forced to reimplement in the GUI a password-encryption mechanism that is
not distribution-dependent, which can severely break things. So we'd
like to send the clear-text password to the backends, letting the
standard system tools or PAM itself do what should be done.
Is D-Bus considered secure for this kind of highly sensitive data, when
sender and receiver are on the same host? If not, since SSL encryption
is not supported AFAIK, that would leave us with opening a pipe to pass
the secrets between the GUI and the backend. What do you think of this
solution? Is there a general model for this kind of use case?
More information about the dbus