New SE-DBUS patch

Colin Walters walters at redhat.com
Sat Jun 26 09:57:19 PDT 2004


On Sat, 2004-06-26 at 01:33 -0400, Havoc Pennington wrote:
> On Fri, 2004-06-25 at 15:23, Colin Walters wrote:
> > Eek.  In that case, barring SE-X, there isn't any way to reliably get a
> > security context - since the X server is acting as an intermediary,
> > correct?
> 
> Yep, absolutely. 
> 
> The good news is that we expect to use only UNIX domain sockets for
> talking to the systemwide bus. This kind of issue would only apply to
> the session bus. We have the same problem with e.g. a TCP socket I would
> think (we can't have a context for one of those, right?)

At the moment, yeah.  The NSA did have some work on labeled networking,
but it was rejected for inclusion in the Linux mainline.  I think
that'll eventually be picked up again, and we'll then have a way to get
a security context from a TCP socket too.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://freedesktop.org/pipermail/dbus/attachments/20040626/c6eaa197/attachment-0001.pgp


More information about the dbus mailing list