[Bug 36845] As well as ACLs for DBus calls, we need ACLs to filter which handlers get channels
bugzilla-daemon at freedesktop.org
bugzilla-daemon at freedesktop.org
Fri May 6 10:52:49 CEST 2011
https://bugs.freedesktop.org/show_bug.cgi?id=36845
Simon McVittie <simon.mcvittie at collabora.co.uk> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords|patch |
--- Comment #5 from Simon McVittie <simon.mcvittie at collabora.co.uk> 2011-05-06 01:52:49 PDT ---
I now realise that neither of our implementations of the Aegis pseudo-plugin is
sufficiently complete: both make an implicit assumption that the prospective
Handler is already running, and will reject it if it is not.
This happens to "usually work" if the Handler has Client.I.Requests, or if the
platform-default UI is pre-started to minimize latency, but will fail
otherwise.
To fix that, we'll need to do this:
* make the suitability check asynchronous (but return rapidly in the
common case)
* if the Channel is one that should be restricted, activate the
prospective Handler (and wait for it to start) before inspecting its
credentials
* to avoid time-of-check/time-of-use problems, each Handler with the
magic token should disallow processes without the magic token from owning
its well-known Client name
--
Configure bugmail: https://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
More information about the telepathy-bugs
mailing list