dbus insecure over secure TCP?
L A Walsh
dbus at tlinx.org
Fri Jul 13 17:33:32 UTC 2018
From https://dbus.freedesktop.org/doc/dbus-specification.html#transports-tcp-sockets, which says:

    In particular, configuring the well-known system bus or the
    well-known session bus to listen on a non-loopback TCP address is
    insecure

Why? If the TCP-PATH between systems is secure, how is dbus insecure?

Also says:

    Remote TCP connections were historically sometimes used to share a
    single session bus between login sessions of the same user on
    different machines within a trusted local area network, in
    conjunction with unencrypted remote X11, a NFS-shared home directory
    and NIS (YP) authentication. This is insecure against an attacker on
    the same LAN and should be considered strongly deprecated; more
    specifically, it is insecure in the same ways and for the same
    reasons as unencrypted remote X11 and NFSv2/NFSv3.

I use unencrypted remote X11 and CIFS over a secure network. Why would
DBUS over a secure network be insecure, and why would it be deprecated?
Why is DBUS advertising that it is insecure when used over secure networks?

In addition to dedicated lines, TCP connections over VPNs and ssh have been
around for 30 years or more. Perhaps some people don't remember users only
using secure SSH clients that placed a remote client as a secured node
inside one of the company's secure zones?

Thanks!