<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <style> /* Linda's Style playground (c) 2011 L. A Walsh (permission given to do w/this anything other than claim my original as your own! -- <a class="moz-txt-link-abbreviated" href="mailto:dept.playgrounds@tlinx.org">dept.playgrounds@tlinx.org</a> ) */ /* margin:(X):=T+B+R+L; (V H):V=T+B,H=R+L; (T H B):T,H=R+L, (T R B L) */ html, body { font: 12pt "Lucida Console", monospace, fixed; font-size-adjust:.50; background-color:#f8fefb; color:#104060; max-width:90ex; } table, tbody, tr, td {font: inherit;font-size 11.4pt; } p { margin: 1em; text-indent:1em } p+p { margin-top: .75em;margin-bottom:.75em } small { font-size:85.18% } big { font-size:117.4% } quote { font-style:italic; .l quote { font-style:italic; font-family:cursive,sans-serif;} em { font-variant:small-caps } h6 { font-size:85.180%/117.398% } h5 { font-size:100%/132.824% } h4 { font-size:117.398%/161.803% } h3 { font-size:132.824%/200.00% } h2 { font-size:161.803%/234.797% } h1 { font-size:200.000%/265.648% } h1, h2, h3, h4, h5 {font-size: inherit; font-weight:bold} h5, h6 {font-size: inherit; font-variant:small-caps;} hr {font-family:monospace:fixed; width:90ex; margin:0;left} h5 {font: inherit; font-weight:800 } h6 { font: inherit; font-weight:700 } h1,h2,h3,h4,h5,h6 { margin:1em } blockquote { margin:1em 1em; font-style:italic; } blockquote > p, blockquote > blockquote { margin-top:0.50em;margin-bottom:0.50em; text-indent:0;} pre { -moz-tab-size: 4; -o-tab-size: 4; tab-size: 4; } pre, cite { -moz-tab-size:2;-o-tab-size:2;tab-size:2;margin: 1.2em .8em; } pre, cite, tt {font-style:oblique; background-color:#f6f6f0; color:#202040; font-family:"Lucida Console", monospace; } pre+pre {font-inherit; font-style:oblique; background-color:#f6f6f0; color:#202040; margin:1ex .8em } address {font inherit; font-style:oblique; font-family:"Cambria";} address {font:inherit; margin:1em 3em; background-color:#f8faff;} address+address {margin:0 2em} img { margin:1.6em } q {quotes:"â" "â" "â" "â" } q:before { content:open-quote } q:after { content:close-quote } a, a:link, a:focus, a:visited {text-decoration:underline} a:link { color:#44BB33 } a:focus { color: #22FF11 } a:visited { color: #557722 } .sig { font: oblique 15.75pt/84pt "Lucida Handwriting",cursive } .sig:first-letter { float:left; font: italic 56pt/84pt "Lucida Calligraphy",cursive; font-weight:200; } #sig_fl { float:left;font:italic 56pt/84pt "Lucida Calligraphy",cursive; font-weight:200; } @font-face {font-family:Verdana; panose-1:2 11 6 4 3 5 4 4 2 4;} @font-face {font-family:Cambria; panose-1:2 4 5 3 5 4 6 3 2 4;} @font-face {font-family:"Lucida Calligraphy"; panose-1:3 1 1 1 1 1 1 1 1 1;} @font-face {font-family:"Lucida Handwriting"; panose-1:3 1 1 1 1 1 1 1 1 1;} .MsoNormal, .MsoNormalTab { padding:0; margin:0; color:"darkmagenta"; background:"honeydew"; font: oblique 100%/100% "Calibri","Verdana","Arial" !important; } span.MsoNormal , span.MsoNormalTable { font-family: inherit !important; font-size: inherit !important; font-style: inherit !important; color: inherit !important; } span[font-family=Arial], span[font-family="Times New Roman"], font[face=Arial] ,font[face="Times New Roman"] { font-family: inherit !important; font-size-adjust:inherit !important; font-size: inherit !important; line-height: inherit !important; color: inherit !important; } </style>  </head> <body> fr:<a class="moz-txt-link-freetext" href="https://dbus.freedesktop.org/doc/dbus-specification.html#transports-tcp-sockets">https://dbus.freedesktop.org/doc/dbus-specification.html#transports-tcp-sockets</a> says: <blockquote>In particular, configuring the well-known system bus or the well-known session bus to listen on a non-loopback TCP address is insecure </blockquote> Why? If the TCP-PATH between systems is secure, how is dbus insecure? Also says: <blockquote>Remote TCP connections were historically sometimes used to share a single session bus between login sessions of the same user on different machines within a trusted local area network, in conjunction with unencrypted remote X11, a NFS-shared home directory and NIS (YP) authentication. This is insecure against an attacker on the same LAN and should be considered strongly deprecated; more specifically, it is insecure in the same ways and for the same reasons as unencrypted remote X11 and NFSv2/NFSv3. </blockquote> I use unencrypted remote X11 and CIFS over a secure network. Why would DBUS over a secure network be insecure, and why would it be deprecated? Why is DBUS advertising that it is insecure when used over secure networks? In addition to dedicated lines, TCP connections over VPNs and ssh have been around for 30 years or more. Perhaps some people don't remember users only using secure SSH clients that placed a remote client as a secured node inside one of the company's secure zones? Thanks! </body> </html>