Return of the annual system bus restart flamewar (Was Re: Some help with PolicyKit basics)

David Zeuthen david at fubar.dk
Mon Jul 27 10:01:17 PDT 2009 

On Mon, 2009-07-27 at 17:58 +0200, Michael Biebl wrote:
> 2009/7/27 David Zeuthen <david at fubar.dk>:
> >> this still true if the d-bus daemon is restarted?)
> >
> > The system bus daemon should _never ever_ be restarted. The guarantee
> > that unique system bus names are _never_ recycled is a good reason why
> > this is so. I know some distributions still live in some interesting
> > reality where they think restarting the system daemon is OK... but
> > essentially these guys are wrong and doing so is introducing a security
> > hole.
> 
> Then D-Bus will never ever be suitable for anything else then
> single-user desktop systems where it doesn't matter that much if you
> have to reboot the system on package upgrades (which is so windows
> like btw).
> 
> Serious Linux sysadmin will laugh you in the face 

Many such people don't really understand what D-Bus is or how things
work. So I tend to just smile back at them.

> if you told them
> that they have to reboot their server when dbus is upgraded (e.g. in
> case of a security related update, in which case you leave a system
> vulnerable).

No, it's fine. It's just like when the operating system kernel is
updated. Means you need to reboot too. Sure, for the kernel you can use
ksplice (if you are lucky), for the D-Bus system bus daemon we can also
fix this.

> Applications can be fixed, to reconnect to the system bug, and there
> also have been discussions, how to support this within the dbus daemon
> itself resp. the dbus libraries.
> It's just a tough problem to fix, not something which is inherent by
> design of D-Bus.

As Scott says, this problem can be fixed without even letting apps know
that the system bus daemon restarted [1].

But apparently some distributions rather want to break _fundamental_ and
_important_ assumptions (name recycling) in D-Bus by restarting the
system message bus. Instead of, you know, actually doing the fucking
work in D-Bus to make this work... instead.. you guys... pretend that
restarting the system bus is a good idea. I'm sure guys running such
distributions have awesome uptimes though. That's what counts isn't it?

Anyway, I really don't want to waste time discussing this again, it is
not useful. It is, however, sad to note that some distributions do break
D-Bus - and most of them probably without even really realizing what
they are doing. But I'm sure these guys have awesome uptimes!

    David

[1] : assuming the upstream D-Bus developers actually wants to take a
patch to do this - it would probably be a pretty complex patch
(introducing compat issues too) so probably not worth the effort. I
don't know.

More information about the polkit-devel mailing list