Comment 23 for bug 306362
Revision history for this message
|
|
#23 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
a60fb26
(Get the code!)
(In reply to comment #21)
> Tomas - the reason I believe that there's no interface based check is that
> it's legal for messages to be sent to any interface.
Sorry, I don't understand this. Proposed patch fixes default rule that is supposed to allow all requested replies. Why should it be bound to any specific interface?
(In reply to comment #22)
> I vaguely recall a discussion about this that I think ended up at the
> conclusion that the unit of security granularity should be the service; i.e.
> not interfaces or methods.
Doesn't this make my note (end of comment #19) about not being able to use destination in receive rules even more valid? Removing possibility to use interface and method attributes will only leave sender, message type and error name checks for use in the receive rules (I believe path falls to the same category as interfaces and methods). So receive rules will have to be wide open to actually work (as they are now).
> In other words the config file for 3rd party services should just be:
>
> <user="root">
> <allow service=
> </user>
Is this supposed to be send or receive rule? Or some new policy concept, that does not distinguish the two any more?
Anyway, if this is expected to be full config for some 3rd party service, dbus will have to get the default configuration right, so that requests from non-root users are denied.