Loadable security modules for D-Bus
John Johansen
john.johansen at canonical.com
Mon Jan 9 08:33:24 PST 2012
On 01/09/2012 04:45 PM, Thiago Macieira wrote:
> On Monday, 9 de January de 2012 16.01.32, Lennart Poettering wrote:
>>> It is not clear to me, the necessity to load the module dynamically.
>>> The plugin could be compiled together with D-Bus, no need for dynamic
>>> load. The source can be independent, just respecting the API but built
>>> together. We also need to specify somehow the plugins which are mandatory
>>> to be loaded.
>>
>> I am strongly against doing this kind of dynamic module loading in the
>> D-Bus daemon. Quite frankly, this is just crazy. I see no reason at all
>> to have dynamically loaded modules here, if this can be statically
>> compiled in, then I see no reason at all to create a complex module
>> loading infrastructure with hooks and stuff.
> [snip]
>> So, yeah, not sure if I have the power to NACK this, but if I do this
>> gets a 1st rate NACK from me.
>
> I agree with Lennart and with Felipe's last paragraph: we definitely don't need
> dynamic loading. There is not going to be any distribution where the security
> mechanism isn't known at compile time.
>
Well both ubuntu and suse support multiple security mechanism and would likely
want to build support for multiple mechanisms in, having the correct mechanism
selected when dbus is started via a config, or the security system's init code
detecting which mechanism is in use.
> I would take Felipe's work only as far as "let's clean the code up so we don't
> need to patch everywhere for each new mechanism". The code would be compiled
> into the binary in all cases.
>
>
>
>
> _______________________________________________
> dbus mailing list
> dbus at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/dbus
More information about the dbus
mailing list