Commit b701a78a authored by John Palmieri's avatar John Palmieri

* Release 0.36.2

* Add Havoc's patch that never got applied to HEAD (Bug #2436):

* bus/policy.c (bus_policy_allow_user): change default "user is
allowed" to be "user has same uid as the bus itself"; any
allow/deny rules will override.

* bus/session.conf.in: don't allow all users, since now by default
the user that ran the bus can connect.
parent 56252321
2005-08-29 John (J5) Palmieri <johnp@redhat.com>
* Release 0.36.2
* Add Havoc's patch that never got applied to HEAD (Bug #2436):
* bus/policy.c (bus_policy_allow_user): change default "user is
allowed" to be "user has same uid as the bus itself"; any
allow/deny rules will override.
* bus/session.conf.in: don't allow all users, since now by default
the user that ran the bus can connect.
2005-08-26 Colin Walters <walters@verbum.org>
* tools/dbus-print-message.c (print_message): Flush stdout
......
D-BUS 0.36.2 (29 August 2005)
===
- Security: Restrict other users from connecting to another users
session bus
D-BUS 0.36.1 (24 August 2005)
===
- Python Bindings:
......
......@@ -453,8 +453,9 @@ bus_policy_allow_user (BusPolicy *policy,
uid);
return FALSE;
}
allowed = FALSE;
/* Default to "user owning bus" or root can connect */
allowed = uid == _dbus_getuid ();
allowed = list_allows_user (allowed,
&policy->default_rules,
......
......@@ -19,8 +19,6 @@
<allow eavesdrop="true"/>
<!-- Allow anyone to own anything -->
<allow own="*"/>
<!-- Allow any user to connect -->
<allow user="*"/>
</policy>
<!-- This is included last so local configuration can override what's
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment