[systemd-devel] SD_BUS_VTABLE_CAPABILITY

Andy Lutomirski luto at amacapital.net
Fri Apr 17 09:13:31 PDT 2015


On Apr 17, 2015 5:42 AM, "Simon McVittie"
<simon.mcvittie at collabora.co.uk> wrote:
>
> On 16/04/15 15:52, Andy Lutomirski wrote:
> > (I really think this dichotomy
> > needs to be removed, *especially* since it looks like code already
> > exists to try to use both metadata sources.  This seems like it's just
> > asking for security screw-ups.)
>
> Would it address this concern if there was an explicit API separation
> into "things that can't be faked, suitable for authorization" and
> "things that could have been faked, only suitable for debugging" - such
> that the uid would be in the first set only, capabilities would be in
> the first set on kdbus but absent or in the second set on traditional
> D-Bus, and /proc/*/cmdline would always be in the second set?

It would certainly improve the sd-bus code, I think.  I'm not a
systemd developer, though.

From the kernel side, I don't even see the point of reporting caps for
debugging IPC things.

--Andy
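As an added C illustration of the API split Simon proposes above (example code written for this page, not sd-bus or kdbus code, and not from either poster): a hypothetical credential record with an authorization half and a debugging half. The transport enum, the struct and field names, the raw_peer input record and the constructed sample peers are all assumptions of the model; CAP_SYS_ADMIN's bit number is the one from linux/capability.h. The point it demonstrates is that the policy function's signature is what enforces the separation, since it cannot be handed the /proc-derived fields at all.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical model of a bus library that keeps transport-verified
 * metadata apart from /proc-derived metadata.  All names are illustrative. */

enum transport { TRANSPORT_DBUS_DAEMON, TRANSPORT_KDBUS };

/* Fields the transport vouches for: the only input to authorization. */
struct authz_creds {
    uid_t    uid;
    bool     have_caps;       /* true only when the kernel supplied caps */
    uint64_t effective_caps;  /* bitmask, bit n == capability number n */
};

/* Fields read back from /proc/PID/*: may be stale or forged by the peer
 * (PID reuse, a peer that execs something else, a peer that rewrites its
 * own argv).  Fine for log lines and debugging, never for policy. */
struct debug_creds {
    char     cmdline[64];
    uint64_t effective_caps;  /* what /proc/PID/status claimed */
};

struct peer_creds {
    struct authz_creds authz;
    struct debug_creds debug;
};

/* Constructed stand-in for the raw data the bus hands us about a sender. */
struct raw_peer {
    enum transport transport;
    uid_t          uid;          /* from the socket/kdbus; verified */
    uint64_t       kernel_caps;  /* filled in only on kdbus */
    uint64_t       proc_caps;    /* scraped from /proc/PID/status */
    const char    *proc_cmdline; /* scraped from /proc/PID/cmdline */
};

/* Sort each raw field into exactly one of the two sets. */
void split_creds(const struct raw_peer *raw, struct peer_creds *out)
{
    memset(out, 0, sizeof *out);
    out->authz.uid = raw->uid;
    if (raw->transport == TRANSPORT_KDBUS) {
        out->authz.have_caps = true;
        out->authz.effective_caps = raw->kernel_caps;
    }
    /* /proc-derived data lands in the debug half on every transport. */
    snprintf(out->debug.cmdline, sizeof out->debug.cmdline, "%s",
             raw->proc_cmdline ? raw->proc_cmdline : "");
    out->debug.effective_caps = raw->proc_caps;
}

#define CAP_SYS_ADMIN 21  /* capability number, as in linux/capability.h */

/* The policy function takes only the authz half, so it cannot be handed a
 * /proc-derived capability set by mistake.  Returns true if the caller may
 * invoke a privileged method. */
bool may_call_privileged(const struct authz_creds *c)
{
    if (c->uid == 0)
        return true;
    if (c->have_caps && (c->effective_caps & (1ULL << CAP_SYS_ADMIN)))
        return true;
    return false;
}

/* Convenience entry point: build the raw record, split it, decide. */
bool authorize_peer(enum transport t, uid_t uid, uint64_t kernel_caps,
                    uint64_t proc_caps, const char *cmdline)
{
    struct raw_peer raw = { t, uid, kernel_caps, proc_caps, cmdline };
    struct peer_creds creds;
    split_creds(&raw, &creds);
    return may_call_privileged(&creds.authz);
}

int main(void)
{
    /* Constructed sample peers; "sshd" and "systemctl" are made-up argv[0]s. */
    printf("kdbus, uid 1000, kernel reports CAP_SYS_ADMIN: %s\n",
           authorize_peer(TRANSPORT_KDBUS, 1000, 1ULL << CAP_SYS_ADMIN,
                          1ULL << CAP_SYS_ADMIN, "sshd") ? "allow" : "deny");
    printf("dbus-daemon, uid 1000, only /proc claims CAP_SYS_ADMIN: %s\n",
           authorize_peer(TRANSPORT_DBUS_DAEMON, 1000, 0,
                          1ULL << CAP_SYS_ADMIN, "sshd") ? "allow" : "deny");
    printf("dbus-daemon, uid 0: %s\n",
           authorize_peer(TRANSPORT_DBUS_DAEMON, 0, 0, 0, "systemctl")
               ? "allow" : "deny");
    return 0;
}
```

In this model a peer's capabilities reach the authorization half only when the transport is kdbus; over dbus-daemon the /proc-claimed capability set is still recorded, but only where a log line can read it, so an unprivileged peer that manages to make /proc look privileged gains nothing.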

