Commit aef44759 authored by Simon McVittie's avatar Simon McVittie

dbus-daemon(1): Recommend requiring EXTERNAL on non-Windows OSs

This is the default, and blocks TCP-based attacks by making the
attacker fail to authenticate (while also preventing inadvisable
TCP-based configurations from working).

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=106004Signed-off-by: Simon McVittie's avatarSimon McVittie <smcv@collabora.com>
Reviewed-by: Ralf Habacker's avatarRalf Habacker <ralf.habacker@freenet.de>
Reviewed-by: Philip Withnall's avatarPhilip Withnall <withnall@endlessm.com>
parent 5d368048
......@@ -491,6 +491,10 @@ exist, then all known mechanisms are allowed. If there are multiple
&lt;auth&gt; elements, all the listed mechanisms are allowed. The order in
which mechanisms are listed is not meaningful.</para>
<para>On non-Windows operating systems, allowing only the
<literal>EXTERNAL</literal> authentication
mechanism is strongly recommended. This is the default for the
well-known system bus and for the well-known session bus.</para>
<para>Example: &lt;auth&gt;EXTERNAL&lt;/auth&gt;</para>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment