Re: Dbus and security - a few questions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2005-03-04 at 20:36 +0100, Kyrre Ness Sjobak wrote:
> 
> But as this system grows, and more and more apps hook up - what are the
> exploitation risks? Could one f.ex. buffer overflow a privilegued app
> trough the dbus "network"? Which/what kind of services will be turned on
> by default in future fedora installations? Ofcource, having
> NetworkManager running on a shell server would be a problem so
> NetworkManager would probably never be turned on by default, but where
> are the border cases?

There's certainly security here to think about. dbus provides fairly
fine-grained firewall-style functionality, plus the selinux integration,
but in the end a system daemon that takes requests via dbus has to be
written with security in mind. dbus can guarantee that the daemon only
gets messages of type foo with arguments a, b, c of types string, int,
double; but the daemon is responsible for ensuring that it won't crash
if the int is set to INT_MAX or whatever. Basically dbus handles a lot
of the parsing/authentication/connection-establishing sort of issues but
the app still has to validate that data is within expected parameters.

Keep in mind that dbus has two separate running processes, one is the
systemwide used to talk to system daemons, the other is just running as
the user within the user's session like any other app.

Havoc



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux