Dbus and security - a few questions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



As a desktop/server Linux user (and spare time developer which really
needs a good GTK/C book in order to be able to contribute more back to
the comunity), i am thrilled to see the new posibilities dbus opens for
user-friendly interaction. But a bit concerned as well (probably because
i don't know much about dbus) over security issues.

As far as i understand, dbus is a framework for aplications running on
the same computer to comunicate. Great. It is often used to connect
backend (often running as root, doing stuff with system configuration),
and frontend (often running as any user which happens to have user
access to the system). One example is NetworkManager - which is great
for primarily single user laptops.

But as this system grows, and more and more apps hook up - what are the
exploitation risks? Could one f.ex. buffer overflow a privilegued app
trough the dbus "network"? Which/what kind of services will be turned on
by default in future fedora installations? Ofcource, having
NetworkManager running on a shell server would be a problem so
NetworkManager would probably never be turned on by default, but where
are the border cases?

Such things.

Kyrre Ness Sjøbæk


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux