DBus - Sessionbus rights
Polychronis Ypodimatopoulos
ypod at mit.edu
Mon Apr 7 10:57:17 EDT 2008
John (J5) Palmieri wrote:
> Luckily all mail with DBus in the header gets filtered into a single
> folder ;) Yes spoofing is the answer here (it is sort of like asking
> why can't users create applications that run from /usr/bin though not
> quite exact). If we allowed users to grab names on the system bus that
> aren't marked as allowed to be used by users they could spoof HAL, the
> datastore or even the bus itself. Since applications running as root
> also access these services it could be used as an exploit to gain root
> privileges.
This sounds to me like we should not allow the user to run a server on
_any_ TCP port, because he may spoof an SSH/POP/DNS.... server. Instead,
the solution was simply to not allow the user to run servers on ports
lower than 1000. Even if we fixed this on the XO, my ubuntu distribution
has the same security policy, so maybe a bug should be filed against DBus?
> In any case the session bus is what you want to use to
> create services other apps (in the session) can use.
>
In my case, user processes need to have a two-way communication with a
system process, like having a system process listening on a well-known
port and user processes register themselves with the system process,
stating on which port they are listening for data. The user processes
need not necessarily use a well-known dbus name like 'org.laptop....',
but I could not publish a method (from a user process) on the system bus
from an address like| ":0-31".|
thx
p.
More information about the Devel
mailing list