D-Bus optimizations

Thiago Macieira thiago at kde.org
Thu Mar 1 04:49:59 PST 2012


On quinta-feira, 1 de março de 2012 07.36.53, Colin Walters wrote:
> On Tue, 2012-02-28 at 13:56 +0100, Thiago Macieira wrote:
> > This applies to malformed messages, but does not apply to well-formed but
> > spoofed messages. The checking of the credentials needs to be done by a
> > trusted source.
> 
> Right.  Being able to spoof Sender would be a major regression if
> multicast sockets were used in their current form on the system bus.
> 
> We could probably get away with it on the session bus.  I'm not
> aware of anyone actively trying to differentiate between applications
> on the session bus, mainly because you hit the immediate problem
> of them sharing a uid.

We'd still want some checking to make sure we don't have a broken application 
sending out messages for a name it tried to register and failed, or registered 
and lost.

-- 
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
   Software Architect - Intel Open Source Technology Center
      PGP/GPG: 0x6EF45358; fingerprint:
      E067 918B B660 DBD1 105C  966C 33F5 F005 6EF4 5358
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.freedesktop.org/archives/dbus/attachments/20120301/3c1b63d9/attachment.pgp>


More information about the dbus mailing list