[Bug 30043] A way for channel handlers to request observer bypassing

bugzilla-daemon at freedesktop.org
Fri Oct 15 13:51:40 CEST 2010


https://bugs.freedesktop.org/show_bug.cgi?id=30043

--- Comment #3 from Simon McVittie <simon.mcvittie at collabora.co.uk> 2010-10-15 04:51:39 PDT ---
We need to come up with some better wording for this before undrafting it. It's
not a security feature unless your platform is very specialized
(SELinux/Bitfrost levels of strangeness):

- it doesn't prevent looking at NewChannels on the session bus, which
  isn't normally a privilege boundary
- it doesn't prevent D-Bus eavesdropping on the session bus, which
  isn't normally a privilege boundary
- in extreme cases, it doesn't prevent a determined observer from
  ptrace()ing the connection manager, which doesn't usually have a
  privilege boundary between it and the rest of the session!

However, it does prevent MC from waiting for observers to start: an actively
malicious observer can still kill, ptrace or otherwise subvert MC or the CM,
but it does mean that an observer that's merely buggy can't accidentally delay
channel handling.

One possible way to make this flag easier to explain would be to make it imply
BypassApproval and an elevated filter-matching "quality" in the dispatcher,
which would extend its semantics to something more like "this handler is a
control freak". Perhaps "ExclusiveHandler" would be a good name for that
feature?
