As a desktop/server Linux user (and spare time developer which really needs a good GTK/C book in order to be able to contribute more back to the comunity), i am thrilled to see the new posibilities dbus opens for user-friendly interaction. But a bit concerned as well (probably because i don't know much about dbus) over security issues. As far as i understand, dbus is a framework for aplications running on the same computer to comunicate. Great. It is often used to connect backend (often running as root, doing stuff with system configuration), and frontend (often running as any user which happens to have user access to the system). One example is NetworkManager - which is great for primarily single user laptops. But as this system grows, and more and more apps hook up - what are the exploitation risks? Could one f.ex. buffer overflow a privilegued app trough the dbus "network"? Which/what kind of services will be turned on by default in future fedora installations? Ofcource, having NetworkManager running on a shell server would be a problem so NetworkManager would probably never be turned on by default, but where are the border cases? Such things. Kyrre Ness Sjøbæk
