On Mon, 20 Jan 2025 at 20:19:01 +0100, Erik Slagter wrote: > So I'd rather have dbus-broker listening to a TCP socket and if that can't > be done, using dbus-daemon. Please don't do either of these. Having a D-Bus "user bus" (session bus) listening on TCP and willing to execute arbitrary code was a key part of the safety-critical vulnerability and multi-billion-dollar recall described in <https://www.bbc.co.uk/news/technology-33650491>. (Or maybe it was the system bus, I'm not sure - either way, one of the "real" buses.) The D-Bus protocol does not include cryptographic security and is intended to be used only over secure connections such as AF_UNIX sockets. When D-Bus was originally designed in around 2000, computers were expensive, easy to notice and assumed to be managed by professionals, and there was a feeling that it was viable and realistic to have a secure LAN with a perimeter firewall and everyone behind the firewall completely trusted, and in particular people wanted to use D-Bus over TCP combined with NFS home directories for some sort of distributed system. However, this never really worked well. Now that an attacker can get into your "secure" network by plugging in a Raspberry Pi to a network socket, exploiting an unpatched vulnerability in your networked lightbulb, or similar attack vectors, D-Bus over TCP has gone from bad idea to extremely bad idea. Please don't do it. The main reason that the reference dbus-daemon still supports D-Bus over TCP is for portability to Windows, which only gained AF_UNIX sockets recently, so on Windows it's conventional to use D-Bus over a socket that is bound to 127.0.0.1. dbus-broker is Linux-only (not portable), so it doesn't need that. If you want to use D-Bus over a network in order to debug an embedded device or something like that, I would recommend tunneling a connection through ssh. systemd-stdio-bridge is very convenient for this. smcv (a dbus maintainer)
Re: systemd-devel] dbus-broker can be used for a "user" type bus accessible over tcp or not?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: systemd-devel] dbus-broker can be used for a "user" type bus accessible over tcp or not?
- From: Simon McVittie <smcv@xxxxxxxxxxxxx>
- Date: Mon, 20 Jan 2025 21:13:34 +0000
- In-reply-to: <08a70ba7-05bd-438c-b761-cda4fc3f005e@slagter.name>
- References: <5957de38-a5a2-48ea-af4e-1bbeec2a447b@slagter.name> <08a70ba7-05bd-438c-b761-cda4fc3f005e@slagter.name>
- Follow-Ups:
- References:
- Prev by Date: Re: switch-root, init, SIGHUP
- Next by Date: Re: dbus-broker can be used for a "user" type bus accessible over tcp or not?
- Previous by thread: Re: systemd-devel] dbus-broker can be used for a "user" type bus accessible over tcp or not?
- Next by thread: Re: systemd-devel] dbus-broker can be used for a "user" type bus accessible over tcp or not?
- Index(es):
 |