dbus insecure over secure TCP?

L A Walsh dbus at tlinx.org
Fri Jul 13 17:33:32 UTC 2018


fr:https://dbus.freedesktop.org/doc/dbus-specification.html#transports-tcp-sockets
says: 

    In particular, configuring the well-known system bus or the
    well-known  session bus to listen on a non-loopback TCP address is
    insecure


Why?  If the TCP-PATH between systems is secure, how is dbus insecure?

Also says:

    Remote TCP connections were historically sometimes used to share a
    single session bus between login sessions of the same user on
    different machines within a trusted local area network, in
    conjunction with unencrypted remote X11, a NFS-shared home directory
    and NIS (YP) authentication. This is insecure against an attacker on
    the same LAN and should be considered strongly deprecated; more
    specifically, it is insecure in the same ways and for the same
    reasons as unencrypted remote X11 and NFSv2/NFSv3.

I use unencrypted remote X11 and CIFS over a secure network.  Why would
DBUS over a secure network be insecure, and why would it be deprecated?

Why is DBUS advertising that it is insecure when used over secure networks?

In addition to dedicated lines, TCP connections over VPNs and ssh have been
around for 30 years or more.  Perhaps some people don't remember users only
using secure SSH clients that placed a remote client as a secured node
inside one of the company's secure zones?

Thanks!





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/dbus/attachments/20180713/62218c1a/attachment.html>


More information about the dbus mailing list