[RFC] Fixing the machine id

David Zeuthen zeuthen at gmail.com
Sat Mar 5 07:12:30 PST 2011


On Sat, Mar 5, 2011 at 9:46 AM, Lennart Poettering <mzqohf at 0pointer.de> wrote:
>> using the abstract socket is bad for security since you have no
>> permission checks anymore. And essentially anybody could start owning
>> that socket. You do not really want that.
> Well, the system bus socket is accessible by everybody anyway, and
> authentication is based on SCM_CREDENTIALS mostly anyway.

Doesn't matter. The message bus client process does not check the
credentials of the message bus process (in libdbus-1 and GDBus anyway)
- only the message bus process checks the credentials of the client.
So, yes, it's entirely possible for any random process to take over
this abstract socket and pretend to be the system message bus. Of
course the system message bus would need to somehow crash and that
rarely happens.

We could add bilateral authentication, sure, but that's just not how
it works right now.


More information about the dbus mailing list