On Fri, 2005-03-04 at 16:25 -0500, Colin Walters wrote: > On Fri, 2005-03-04 at 15:17 -0500, John (J5) Palmieri wrote: > > > It is similar to the risks of setuid > >binaries. > > I would say D-BUS is a lot better than setuid binaries; you have to > write a setuid binary very carefully because it can be influenced by the > parent process (environment variables, filesystem namespace, etc). The > D-BUS library does validation of the raw message formats, and I think > it's much easier to validate arguments to a method than to do all the > work involved in writing a setuid binary. okay, then let's see if this is a useful purpose for dbus. Hypothetical: Let's say I need a root-running daemon that can actually make chroots and submit items into chroots to be built. Would it be reasonable and safe to use dbus to send these requests to the daemon? Is there any way of restricting or validating WHO sent it? -sv
