Dbus and security - a few questions

seth vidal skvidal at phy.duke.edu
Fri Mar 4 21:37:04 UTC 2005


On Fri, 2005-03-04 at 16:25 -0500, Colin Walters wrote:
> On Fri, 2005-03-04 at 15:17 -0500, John (J5) Palmieri wrote:
> 
> > It is similar to the risks of setuid
> > binaries.
> 
> I would say D-BUS is a lot better than setuid binaries; you have to
> write a setuid binary very carefully because it can be influenced by the
> parent process (environment variables, filesystem namespace, etc).  The
> D-BUS library does validation of the raw message formats, and I think
> it's much easier to validate arguments to a method than to do all the
> work involved in writing a setuid binary.

okay, then let's see if this is a useful purpose for dbus.

Hypothetical:

Let's say I need a root-running daemon that can actually make chroots
and submit items into chroots to be built. Would it be reasonable and
safe to use dbus to send these requests to the daemon? Is there any way
of restricting or validating WHO sent it?

-sv
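
The daemon-side checks the hypothetical above calls for, as an added example that is not part of the original message or of D-BUS itself: a root-running build daemon validates who sent a request and what its arguments are before acting. The build root, the uid allowlist, the naming rules and all function names are assumptions made for illustration; the sender uid is assumed to come from the bus daemon (`org.freedesktop.DBus.GetConnectionUnixUser`), not from the caller.

```python
import os
import re

# Hypothetical values, not from the thread: build root, allowed uids, name rules.
BUILD_ROOT = "/var/lib/builder/chroots"
ALLOWED_UIDS = frozenset({1000, 1001})
CHROOT_RE = re.compile(r"[a-z0-9][a-z0-9_-]{0,63}")
ITEM_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._+-]{0,127}")


class RequestRejected(Exception):
    """Raised for any request the root daemon must refuse."""


def validate_build_request(sender_uid, chroot_name, item_name):
    """Return (chroot_dir, item_name) for an acceptable request, else raise.

    sender_uid must be the uid the daemon obtained from the bus daemon for the
    message's sender (org.freedesktop.DBus.GetConnectionUnixUser), never a
    value taken from the message arguments.
    """
    if type(sender_uid) is not int or sender_uid not in ALLOWED_UIDS:
        raise RequestRejected("sender uid is not allowed to request builds")
    # Each name must be one plain path component: the first character cannot be
    # '.' or '-', and '/' and control characters are outside the allowed set.
    if not isinstance(chroot_name, str) or not CHROOT_RE.fullmatch(chroot_name):
        raise RequestRejected("invalid chroot name")
    if not isinstance(item_name, str) or not ITEM_RE.fullmatch(item_name):
        raise RequestRejected("invalid item name")
    # Defence in depth: resolve symlinks and confirm the result is still
    # under the build root before root touches it.
    root = os.path.realpath(BUILD_ROOT)
    chroot_dir = os.path.realpath(os.path.join(root, chroot_name))
    if os.path.commonpath([root, chroot_dir]) != root:
        raise RequestRejected("chroot path escapes the build root")
    return chroot_dir, item_name


if __name__ == "__main__":
    # Constructed sample requests: (sender uid, chroot name, item name).
    for req in [(1000, "fc3-i386", "foo-1.0-1.src.rpm"),
                (4242, "fc3-i386", "foo-1.0-1.src.rpm"),
                (1000, "../../etc", "foo-1.0-1.src.rpm"),
                (1000, "fc3-i386", "../../etc/shadow")]:
        try:
            print("accept", validate_build_request(*req))
        except RequestRejected as exc:
            print("reject", req, "-", exc)
```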




