'Machine ID' underspecified?
Thomas Kluyver
thomas at kluyver.me.uk
Wed Dec 9 15:15:34 UTC 2020
Thanks Simon,
On Wed, 9 Dec 2020, at 13:44, Simon McVittie wrote:
> > E.g. if you exposed a D-Bus proxy to the network
> > which only accepted messages to certain bus/object names, should you
> > also handle GetMachineId specially in the proxy to avoid exposing the
> > 'confidential' ID?
>
> Perhaps yes, but it depends on your threat model and your confidentiality
> requirements. If your design assumes that the network is completely trusted
> (like D-Bus-over-TCP, traditional remote X11, and traditional NFS) then it
> would be pointless to filter GetMachineId.
I was envisaging a semi-trusted model - e.g. I might proxy the session bus so another machine I control could send me desktop notifications, but not access secrets. It sounds like in a case like that, I don't need to worry too much about exposing my machine ID.
Aside: org.freedesktop.secrets is very convenient as a concrete example of why you don't want to allow unfettered access to the session bus if you don't have to.
Thomas
More information about the dbus
mailing list