How to interact with existing dbus session through sudo?

Louise Baldwin louiserbaldwin at aol.com
Tue Mar 18 14:32:25 PDT 2014


I really do appreciate your reply, but please note that, through additional trial and error, I have determined that it is in fact possible to interact with an existing dbus session through sudo ...

I was previously attempting to do this by exporting the DBUS_SESSION_BUS_ADDRESS value stored in the file located within /home/Louise/.dbus/session-bus/

This didn't work, and I have just now figured out why ... the DBUS_SESSION_BUS_ADDRESS value stored in this file does not match the one reported by /usr/bin/env for user Louise.

If I manually take the DBUS_SESSION_BUS_ADDRESS from env (run by Louise) and put it into the script that gets sudo'd as Louise from root, it works ...

So my new question is: why doesn't the value for DBUS_SESSION_BUS_ADDRESS in /home/Louise/.dbus/session-bus/ match the value reported for Louise by env? I see that the file hasn't been modified since March 13th. It was my impression that the file should be updated any time Louise gets a new DBUS_SESSION_BUS_ADDRESS...? Is there any other more appropriate way for me to retrieve the current DBUS_SESSION_BUS_ADDRESS for user Louise?

 

 

 

-----Original Message-----
From: Thiago Macieira <thiago at kde.org>
To: dbus <dbus at lists.freedesktop.org>; Louise Baldwin <louiserbaldwin at aol.com>
Sent: Tue, Mar 18, 2014 4:44 pm
Subject: Re: How to interact with existing dbus session through sudo?


Em ter 18 mar 2014, às 14:22:45, Louise Baldwin escreveu:
>  Why not?
> 
> I need to be able to run tasks consecutively for two different users (root
> and Louise). How do you suggest this be accomplished if it's "impossible"
> to use sudo with dbus?

It's not permitted because the bus daemon disconnects if it detects a 
connection from a different user. It's been like that for 8 years.

Maybe the solution to your problem is to use something other than D-Bus. 
Moreover, if one of the processes is running as root, you need to do a 
thorough verification of the incoming data to avoid exploits leading to 
privilege escalation.

-- 
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
   Software Architect - Intel Open Source Technology Center
      PGP/GPG: 0x6EF45358; fingerprint:
      E067 918B B660 DBD1 105C  966C 33F5 F005 6EF4 5358


 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/dbus/attachments/20140318/ef841719/attachment.html>


More information about the dbus mailing list