Dbus and security - a few questions

Kyrre Ness Sjobak kyrre at solution-forge.net
Fri Mar 4 19:36:36 UTC 2005


As a desktop/server Linux user (and spare-time developer who really
needs a good GTK/C book in order to be able to contribute more back to
the community), I am thrilled to see the new possibilities dbus opens for
user-friendly interaction. But I am a bit concerned as well (probably because
I don't know much about dbus) over security issues.

As far as I understand, dbus is a framework for applications running on
the same computer to communicate. Great. It is often used to connect
a backend (often running as root, doing stuff with system configuration)
and a frontend (often running as any user who happens to have user
access to the system). One example is NetworkManager - which is great
for primarily single-user laptops.

But as this system grows, and more and more apps hook up - what are the
exploitation risks? Could one f.ex. buffer overflow a privileged app
through the dbus "network"? Which/what kind of services will be turned on
by default in future Fedora installations? Of course, having
NetworkManager running on a shell server would be a problem, so
NetworkManager would probably never be turned on by default, but where
are the border cases?

Such things.

Kyrre Ness Sjøbæk




More information about the fedora-devel-list mailing list