Loadable security modules for D-Bus
Thiago Macieira
thiago at kde.org
Mon Jan 9 08:00:51 PST 2012
On Monday, 9 de January de 2012 16.52.57, Lennart Poettering wrote:
> Note that I not only think that loadable modules would be a bad idea
> here, I also believe that any kind of abstraction towards that goal
> would already be wrong. i.e. from Felipe's patch dsm.c needs to go, too,
> regardless whether what is hooked in there would be dynamically or
> statically compiled.
That I don't agree. I think that having a clean API with the proper hooks into
the security sensitive points is welcome. That has a few benefits:
1) we don't clutter the main code with #ifdefs for the different backends
2) new backends don't have to figure out where they need to hook up and how
This of course needs to be done properly, so that all the backends can be
supported cleanly and correctly.
I would rather that there weren't multiple mechanisms, but that's not relevant
in this discussion: they exist.
--
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
Software Architect - Intel Open Source Technology Center
PGP/GPG: 0x6EF45358; fingerprint:
E067 918B B660 DBD1 105C 966C 33F5 F005 6EF4 5358
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.freedesktop.org/archives/dbus/attachments/20120109/a33b4aa1/attachment.pgp>
More information about the dbus
mailing list