Starting the kdbus discussions

Colin Walters walters at verbum.org
Fri Jan 3 14:39:34 PST 2014


On Fri, 2014-01-03 at 12:45 +0000, Simon McVittie wrote:

> I think something like this is the only way this can possibly be
> functional and secure. G_BUS_TYPE_SYSTEM_UNTRUSTED, perhaps?

But it's really quite ugly to inflict that on every currently
correct service (which is most of them from my point of view).

Ugly enough that I'd really like to keep thinking about options.

> I would personally not only reject this patch, but distrust a project
> that would accept it (at least without a rename to
> --enable-insecure-kdbus-policy or something else that indicates its
> security implications).

I'd agree with that name.

> This can only be secure on a system that is
> locked-down even by embedded standards, such that no third-party
> privileged service can ever be installed; it's inappropriate for
> general-purpose OSs like, say, Fedora.

"embedded" to me is strongly characterized by "fixed purpose", i.e. no
(or strongly de-emphasized) ability to install system extension
software.

Concretely if you install a legacy DBus service on your OpenWRT box by
hand, you get both pieces.

It would also apply to gnome-continuous, which is "embedded" in this
sense (albeit the target hardware is qemu-kvm).



