On Mon, 2004-08-16 at 13:25, Steve G wrote: > And does dbus work without networking running? Are there ways for untrusted users > to abuse it? Has it gone through a rigorous code review? It could use a security-minded person or three looking over it, if anyone with the skills is interested. The code is designed to be pretty paranoid but it can always be more so, and it is pretty complex code in spots. dbus is a place to put a lot of things that the kernel guys would rather see done in userspace. So even though it is userspace, we're going to have to make it a hard requirement and stick it pretty early in the boot process, probably. Havoc
