[systemd-devel] systemd-devel] systemd-devel] dbus-broker can be used for a "user" type bus accessible over tcp or not?
Erik Slagter
erik at slagter.name
Fri Jan 24 09:10:03 UTC 2025
On 21-01-2025 15:34, Cristian Rodríguez wrote:
> On Tue, Jan 21, 2025 at 6:05 AM Erik Slagter <erik at slagter.name> wrote:
>
>> So now we have wavered all responsibilities. Is it possible or is it not
>> possible? Dbus-broker listening on tcp? If it's not possible, my
>> question is answered and I can go move on.
>
> Come on..if you do that just configure stunnel to do what you want
> with PSK auth. it supports all sorts of sockets and provides you with
> the minimal security you need.
Please note, as I find out yesterday: remote access to a dbus can work
using socat, probably using stunnel as well. Stunnel would add the
advantage of encryption BUT it doesn't help for authentication.
Apparently the authentication of dbus itself also "works" remotely. It
appears the authentication cookie sent by the remote client can only be
validated (and accepted) when the user id is equal between the remote
client and socat (or stunnel) running locally. Still not as secure as a
local dbus, but it's not that just everyone can connect.
More information about the systemd-devel
mailing list