How not to use dbus (in cars or anywhere else)

Thiago Macieira thiago at kde.org
Tue Aug 25 10:56:17 PDT 2015


On Tuesday 25 August 2015 18:25:06 Simon McVittie wrote:
> On 25/08/15 17:47, Thiago Macieira wrote:
> > Is that the same as the Windows mechanism?
> 
> You'd think so, but actually no.
[cut]
> done as part of the transport instead of during the SASL negotiation. I
> don't know why DBUS_COOKIE_SHA1 wasn't considered to be sufficient, and
> there doesn't seem to be any rationale given in the git history.

Are you sure the order of events are right? Wasn't the nonce-tcp created first?

> The two primary use-cases of D-Bus (the system bus and the session bus
> on vaguely Unixish systems) should be fine with the unix: transport and
> EXTERNAL authentication on any reasonable platform. For instance, I
> don't think sd-bus actually supports anything except EXTERNAL.
> 
> > Anyway, this is relying on NFS security. If NFS is secure for you, who are
> > we to disagree?
> 
> People who would rather not be run over by a hacked Jeep, or otherwise
> damaged by whatever embedded device does D-Bus wrong next? :-P

Yeah, those people.

Anyway, we've been saying over and over again that D-Bus over the network is a 
bad idea. We don't support it and we don't plan on supporting it. The NFS-like 
case is an exception and it mostly assumes a completely trusted network, which 
no sysadmin today worth their salt would do. You cannot assume that all 
machines are trusted even if you installed them all, since one of them could 
be hacked and serve as attack vector.

If you want D-Bus over a network, maybe you should consider looking at 
AllJoyn. They've implemented authentication underneath a distributed D-Bus.

-- 
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
   Software Architect - Intel Open Source Technology Center
      PGP/GPG: 0x6EF45358; fingerprint:
      E067 918B B660 DBD1 105C  966C 33F5 F005 6EF4 5358



More information about the dbus mailing list