[Bug 42809] New: DBusTube access control is under-specified

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Fri Nov 11 12:10:28 CET 2011 

https://bugs.freedesktop.org/show_bug.cgi?id=42809

             Bug #: 42809
           Summary: DBusTube access control is under-specified
    Classification: Unclassified
           Product: Telepathy
           Version: git master
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: medium
         Component: tp-spec
        AssignedTo: telepathy-bugs at lists.freedesktop.org
        ReportedBy: simon.mcvittie at collabora.co.uk
         QAContact: telepathy-bugs at lists.freedesktop.org
                CC: andrunko at gmail.com, daniele.domenichelli at gmail.com,
                    ollisal at gmail.com
            Blocks: 28366


+++ This bug was initially created as a clone of Bug #28366 +++

See Bug #28366, particularly my comments 23, 24:

I don't think all Socket_Access_Control values really fit on a (new-style)
D-Bus tube - we wrote the wording for stream tubes, so they'll need
re-purposing for D-Bus tubes. DBusTube is under-specified, basically.

D-Bus connections always start with a '\0' with semantics similar to the
Socket_Access_Control_Credentials byte - that's exactly where I got the idea
for S_A_C_C from.

I think the values for S_A_C that make sense for D-Bus tubes are:

* Localhost: any local user can connect to the CM. I'd re-interpret this as
  "use dbus_connection_set_unix_user_function() and
  dbus_connection_set_windows_user_function() to set a function that
  allows everyone".

* Credentials: for D-Bus I'd either re-interpret this as
  "use the default D-Bus auth handshake as used for the session bus,
  which only allows the same uid; omit the extra byte", or deprecate it
  for D-Bus tubes (it's fine to use on stream tubes) and introduce a
  new S_A_C_DBus_Same_User which is explicitly "use the normal D-Bus
  mechanisms to determine that it's the same user".

-- 
Configure bugmail: https://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA Contact for the bug.
You are the assignee for the bug.

More information about the telepathy-bugs mailing list