Dbus and security - a few questions
Colin Walters
walters at redhat.com
Fri Mar 4 21:25:04 UTC 2005
On Fri, 2005-03-04 at 15:17 -0500, John (J5) Palmieri wrote:
> It is similar to the risks of setuid
>binaries.
I would say D-BUS is a lot better than setuid binaries; you have to
write a setuid binary very carefully because it can be influenced by the
parent process (environment variables, filesystem namespace, etc). The
D-BUS library does validation of the raw message formats, and I think
it's much easier to validate arguments to a method than to do all the
work involved in writing a setuid binary.
More information about the fedora-devel-list
mailing list