How not to use dbus (in cars or anywhere else)
Thiago Macieira
thiago at kde.org
Tue Aug 25 09:47:35 PDT 2015
On Tuesday 25 August 2015 15:23:13 Simon McVittie wrote:
> On Windows, we have to use TCP because there is no AF_UNIX, but we could
> maybe limit it to 127.0.0.1 and ::1.
Not to mention that the default is the TCP+Nonce method, which is a form of
external authentication that requires the client to prove its identity by
providing the contents of a file in the filesystem.
However, that transmission is done in plain text, so it's not suitable for
remote authentication anyway.
Anything remote needs to provide its own encryption support. For example,
AllJoyn sources provide their own encrypted connections and then provide
another level of end-to-end encryption of the payload, inside the D-Bus
network.
> However, removing support for TCP would break one of the use-cases for
> which D-Bus-over-TCP was designed: sharing a bus on a trusted LAN,
> alongside a NFS home directory, DBUS_COOKIE_SHA1 (proving you can access
> $HOME) for authentication, and probably shared X11
> <http://lists.freedesktop.org/archives/dbus/2008-July/010176.html>. This
> is clearly not very secure either - it requires absolute trust in every
> machine on your LAN, which was maybe acceptable in the late 90s/early
> 00s, but now it's 2015 and maybe that isn't relevant any more?
Is that the same as the Windows mechanism?
Anyway, this is relying on NFS security. If NFS is secure for you, who are we
to disagree?
--
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
Software Architect - Intel Open Source Technology Center
PGP/GPG: 0x6EF45358; fingerprint:
E067 918B B660 DBD1 105C 966C 33F5 F005 6EF4 5358
More information about the dbus
mailing list