Commit 084977cf authored by Simon McVittie's avatar Simon McVittie

Security hardening: force EXTERNAL auth in session.conf on Unix

DBUS_COOKIE_SHA1 is dependent on unguessable strings, i.e.
indirectly dependent on high-quality pseudo-random numbers
whereas EXTERNAL authentication (credentials-passing)
is mediated by the kernel and cannot be faked.

On Windows, EXTERNAL authentication is not available,
so we continue to use the hard-coded default (all
authentication mechanisms are tried).

Users of tcp: or nonce-tcp: on Unix will have to comment
this out, but they would have had to use a special
configuration anyway (to set the listening address),
and the tcp: and nonce-tcp: transports are inherently
insecure unless special steps are taken to have them
restricted to a VPN or SSH tunnelling.

Users of obscure Unix platforms (those that trigger
the warning "Socket credentials not supported on this Unix OS"
when compiling dbus-sysdeps-unix.c) might also have to
comment this out, or preferably provide a tested patch
to enable credentials-passing on that OS.

Bug: Ralf Habacker's avatarRalf Habacker <>
parent 954371ee
......@@ -14,6 +14,16 @@
<!-- On Unix systems, the most secure authentication mechanism is
EXTERNAL, which uses credential-passing over Unix sockets.
This authentication mechanism is not available on Windows,
is not suitable for use with the tcp: or nonce-tcp: transports,
and will not work on obscure flavours of Unix that do not have
a supported credentials-passing mechanism. On those platforms/transports,
comment out the <auth> element to allow fallback to DBUS_COOKIE_SHA1. -->
<standard_session_servicedirs />
<policy context="default">
......@@ -452,6 +452,7 @@ if (WIN32)
# bus-test expects a non empty string
set (DBUS_USER "Administrator")
set (DBUS_TEST_USER "guest")
else (WIN32)
set (DBUS_SESSION_BUS_LISTEN_ADDRESS "unix:tmpdir=${DBUS_SESSION_SOCKET_DIR}" CACHE STRING "session bus default listening address")
set (DBUS_SESSION_BUS_CONNECT_ADDRESS "autolaunch:" CACHE STRING "session bus fallback address for clients")
......@@ -461,6 +462,9 @@ else (WIN32)
set (DBUS_SESSION_CONFIG_FILE ${configdir}/session.conf)
set (DBUS_USER "messagebus")
set (DBUS_TEST_USER "nobody")
# For best security, assume that all non-Windows platforms can do
# credentials-passing.
endif (WIN32)
set (DBUS_DAEMON_NAME "dbus-daemon" CACHE STRING "The name of the dbus daemon executable")
......@@ -134,6 +134,13 @@ if test "$dbus_cygwin" = yes; then
AC_DEFINE(DBUS_CYGWIN,1,[Defined if we run on a cygwin API based system])
# For best security, assume that all non-Windows platforms can do
# credentials-passing.
AS_IF([test "$dbus_win" = yes],
AM_CONDITIONAL(DBUS_WIN, test "$dbus_win" = yes)
AM_CONDITIONAL(DBUS_WINCE, test "$dbus_wince" = yes)
AM_CONDITIONAL(DBUS_UNIX, test "$dbus_unix" = yes)
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment