Commit cf473806 authored by Simon McVittie

spec, dbus-daemon(1): Recommend against remote TCP for debugging

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=106004
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
[smcv: Add a TODO comment as suggested]
Signed-off-by: Simon McVittie <smcv@collabora.com>
parent 2513f84d
......@@ -415,6 +415,16 @@ a transport name plus possible parameters/options.</para>
configuring the well-known system bus or the well-known session
bus to listen on a non-loopback TCP address is insecure.
</para>
<para>
Developers are sometimes tempted to use remote TCP as a debugging
tool. However, if this functionality is left enabled in finished
products, the result will be dangerously insecure. Instead of
using remote TCP, developers should <ulink
url="https://lists.freedesktop.org/archives/dbus/2018-April/017447.html"
>relay connections via Secure Shell or a similar protocol</ulink>.
<!-- TODO: Ideally someone would write a more formal guide to
remote D-Bus debugging, and we could link to that instead -->
</para>
<para>Example: &lt;listen&gt;unix:path=/tmp/foo&lt;/listen&gt;</para>
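Review bot: The new paragraph says "remote TCP" while the sentence directly above it says "non-loopback TCP address"; using the same term in both places would make it clear that the debugging advice covers exactly the configuration the preceding sentence calls insecure. The recommended alternative is also only reachable through the mailing-list link, so a man page reader who cannot follow the URL gets no actionable guidance beyond "Secure Shell or a similar protocol". Until the guide mentioned in the TODO exists, consider adding one sentence that summarises what the linked post proposes.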
......
......@@ -3730,6 +3730,16 @@
credentials over a TCP connection, so the EXTERNAL authentication
mechanism does not work for this transport.
</para>
<para>
Developers are sometimes tempted to use remote TCP as a debugging
tool. However, if this functionality is left enabled in finished
products, the result will be dangerously insecure. Instead of
using remote TCP, developers should <ulink
url="https://lists.freedesktop.org/archives/dbus/2018-April/017447.html"
>relay connections via Secure Shell or a similar protocol</ulink>.
<!-- TODO: Ideally someone would write a more formal guide to
remote D-Bus debugging, and we could link to that instead -->
</para>
<para>
All <literal>tcp</literal> addresses are listenable.
<literal>tcp</literal> addresses in which both
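Review bot: The added paragraph states that the result will be "dangerously insecure" without tying it to the reason given in the context just above, namely that credentials cannot be passed over a TCP connection and so EXTERNAL does not work for this transport. A short connecting phrase would let spec readers see why the warning follows. The paragraph and its TODO comment are also a verbatim copy of the text added to the dbus-daemon(1) hunk, so any later rewording or link replacement has to be made in both files; consider keeping the full advice in one document and cross-referencing it from the other.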
......