Running DBUS as a Windows service

Yiyang Fei yiyangfei36 at yahoo.com
Tue Apr 12 21:08:08 UTC 2016


Thank you for the quick response.  The issues you point out are concerns for us but we have not found a solution.  We will explore limiting our system to rely only on session bus for now.
Cheers,Yiyang 

    On Tuesday, April 12, 2016 10:48 AM, Simon McVittie <simon.mcvittie at collabora.co.uk> wrote:
 

 On 12/04/16 17:16, Yiyang Fei wrote:
> I want to use DBUS as a Windows service because we are building a
> cross-platform application that will use DBUS as the primary IPC
> solution.  A critical part of our application runs as a service before
> users log in, which is why we need the DBUS to also be available as a
> Windows service.

>From the information you've given, I can only give general responses - I
don't know what your application does, or what it needs. It is possible
that the D-Bus protocol and/or the dbus-daemon implementation of that
protocol are not suitable for your requirements.

D-Bus on Windows is not treated as a security boundary, and in
particular the reference implementation and the authentication protocols
used have not been audited for multi-user safety (which would be
necessary for an equivalent of the well-known system bus on Unix). If
you want to use it in a multi-user way, you will have to take
responsibility for putting together a design that meets your security
requirements, whatever those are. The authentication protocol that is
normally used on Unix relies on AF_UNIX sockets with
credentials-passing, which are very much Unix-specific; we are not aware
of a way to do the same thing on Windows.

As I said on the bug you referenced, we don't and shouldn't support a
general-purpose system bus on Windows unless we can get it to a
sufficiently high-quality state that it is secure, both in terms of
"users cannot impersonate other users" and "users cannot crash the
dbus-daemon or make it execute arbitrary code". If you contribute
patches to make this possible, those are the key things I will be
looking for during review.

If your specific application has weaker requirements than the more
general system bus, then you may be able to put together something
simpler that meets your requirements, but first you need to define what
those requirements are.

As a consequence of the system bus being unsupported on Windows, our
policy at the moment is that we do not generally treat Windows-specific
bugs as security vulnerabilities, even if we would treat an equivalent
Unix-specific bug as a security vulnerability (embargoes, CVE IDs,
security-fix releases and so on).

> The most recent information I found is from 2013
> https://bugs.freedesktop.org/show_bug.cgi?id=68741 and pertained to
> v1.5.  Does anyone know if this has been fixed in v1.10.x and how to
> configure the daemon to run as a service?

If you compare the source code of 2013 D-Bus with the source code of
2016 D-Bus, you will find that this has not been worked on. If you
require this feature, you will need to implement it (or use a different
protocol).

-- 
Simon McVittie
Collabora Ltd. <http://www.collabora.com/>

_______________________________________________
dbus mailing list
dbus at lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dbus


  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/dbus/attachments/20160412/cdec777d/attachment.html>


More information about the dbus mailing list