D-Bus optimizations
Thiago Macieira
thiago at kde.org
Thu Mar 1 04:49:59 PST 2012
On quinta-feira, 1 de março de 2012 07.36.53, Colin Walters wrote:
> On Tue, 2012-02-28 at 13:56 +0100, Thiago Macieira wrote:
> > This applies to malformed messages, but does not apply to well-formed but
> > spoofed messages. The checking of the credentials needs to be done by a
> > trusted source.
>
> Right. Being able to spoof Sender would be a major regression if
> multicast sockets were used in their current form on the system bus.
>
> We could probably get away with it on the session bus. I'm not
> aware of anyone actively trying to differentiate between applications
> on the session bus, mainly because you hit the immediate problem
> of them sharing a uid.
We'd still want some checking to make sure we don't have a broken application
sending out messages for a name it tried to register and failed, or registered
and lost.
--
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
Software Architect - Intel Open Source Technology Center
PGP/GPG: 0x6EF45358; fingerprint:
E067 918B B660 DBD1 105C 966C 33F5 F005 6EF4 5358
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.freedesktop.org/archives/dbus/attachments/20120301/3c1b63d9/attachment.pgp>
More information about the dbus
mailing list