[Bug 42809] DBusTube access control is under-specified
bugzilla-daemon at freedesktop.org
bugzilla-daemon at freedesktop.org
Fri Nov 11 17:17:24 CET 2011
https://bugs.freedesktop.org/show_bug.cgi?id=42809
--- Comment #5 from Olli Salli <ollisal at gmail.com> 2011-11-11 08:17:24 PST ---
(In reply to comment #3)
> Created attachment 53406 [details] [review]
> [1/2] Redefine Socket_Access_Control_Credentials on D-Bus tubes to be useful
>
> I think this is what was always intended, and it seems to be what Gabble
> has always implemented.
+ ... If the socket is only available to local users
+ (e.g. a Unix socket, an IPv4 socket bound to 127.0.0.1, or an
+ IPv6 socket bound to ::1), the <code>ANONYMOUS</code>
+ authentication mechanism MAY be enabled.</p>
What does this mean? Isn't "bound to local loopback only" what S_A_C_Localhost
in general requires? So how could some other situation occur, and how would it
affect the use of the ANONYMOUS D-Bus auth mechanism?
I think I must understand this bit of the documentation. Otherwise it's rather
less likely that any of our users would understand it either :)
Otherwise, this patch looks like a perfectly good clarification.
(In reply to comment #4)
> Created attachment 53407 [details] [review]
> [2/2] DBusTube: recommend Socket_Access_Control_Credentials
>
> The two known Tubes implementations (Gabble and Salut) implement it
> using libdbus, where it's actually easier to implement than anything
> else. It'd be equally easy with GDBus, from what I can tell.
++
--
Configure bugmail: https://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA Contact for the bug.
More information about the telepathy-bugs
mailing list