1. 28 Nov, 2016 3 commits
  2. 22 Nov, 2016 2 commits
  3. 10 Oct, 2016 2 commits
  4. 15 Aug, 2016 2 commits
  5. 29 Jul, 2016 1 commit
  6. 07 Mar, 2016 2 commits
  7. 12 Feb, 2016 1 commit
  8. 11 Feb, 2016 1 commit
  9. 08 Feb, 2016 1 commit
  10. 01 Dec, 2015 2 commits
  11. 17 Nov, 2015 2 commits
  12. 26 Oct, 2015 3 commits
  13. 02 Oct, 2015 1 commit
  14. 25 Aug, 2015 2 commits
  15. 06 Aug, 2015 2 commits
  16. 21 Jul, 2015 2 commits
  17. 27 May, 2015 2 commits
  18. 14 May, 2015 4 commits
    • Simon McVittie's avatar
      1.9.16 · 6986e22b
      Simon McVittie authored
      6986e22b
    • Simon McVittie's avatar
      Security hardening: force EXTERNAL auth in session.conf on Unix · 084977cf
      Simon McVittie authored
      DBUS_COOKIE_SHA1 is dependent on unguessable strings, i.e.
      indirectly dependent on high-quality pseudo-random numbers
      whereas EXTERNAL authentication (credentials-passing)
      is mediated by the kernel and cannot be faked.
      
      On Windows, EXTERNAL authentication is not available,
      so we continue to use the hard-coded default (all
      authentication mechanisms are tried).
      
      Users of tcp: or nonce-tcp: on Unix will have to comment
      this out, but they would have had to use a special
      configuration anyway (to set the listening address),
      and the tcp: and nonce-tcp: transports are inherently
      insecure unless special steps are taken to have them
      restricted to a VPN or SSH tunnelling.
      
      Users of obscure Unix platforms (those that trigger
      the warning "Socket credentials not supported on this Unix OS"
      when compiling dbus-sysdeps-unix.c) might also have to
      comment this out, or preferably provide a tested patch
      to enable credentials-passing on that OS.
      
      Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90414Reviewed-by: Ralf Habacker's avatarRalf Habacker <ralf.habacker@freenet.de>
      084977cf
    • Simon McVittie's avatar
      start towards 1.8.20 · 31489e1c
      Simon McVittie authored
      31489e1c
    • Simon McVittie's avatar
      1.8.18 · 1788e8f9
      Simon McVittie authored
      1788e8f9
  19. 12 May, 2015 1 commit
    • Simon McVittie's avatar
      Security hardening: force EXTERNAL auth in session.conf on Unix · d9ab8931
      Simon McVittie authored
      DBUS_COOKIE_SHA1 is dependent on unguessable strings, i.e.
      indirectly dependent on high-quality pseudo-random numbers
      whereas EXTERNAL authentication (credentials-passing)
      is mediated by the kernel and cannot be faked.
      
      On Windows, EXTERNAL authentication is not available,
      so we continue to use the hard-coded default (all
      authentication mechanisms are tried).
      
      Users of tcp: or nonce-tcp: on Unix will have to comment
      this out, but they would have had to use a special
      configuration anyway (to set the listening address),
      and the tcp: and nonce-tcp: transports are inherently
      insecure unless special steps are taken to have them
      restricted to a VPN or SSH tunnelling.
      
      Users of obscure Unix platforms (those that trigger
      the warning "Socket credentials not supported on this Unix OS"
      when compiling dbus-sysdeps-unix.c) might also have to
      comment this out, or preferably provide a tested patch
      to enable credentials-passing on that OS.
      
      Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90414
      d9ab8931
  20. 16 Apr, 2015 3 commits
  21. 04 Mar, 2015 1 commit