1. 27 Jul, 2017 1 commit
  2. 29 Jun, 2017 2 commits
  3. 07 Apr, 2017 1 commit
  4. 05 Apr, 2017 1 commit
  5. 16 Feb, 2017 2 commits
  6. 28 Nov, 2016 3 commits
  7. 22 Nov, 2016 2 commits
  8. 10 Oct, 2016 2 commits
  9. 15 Aug, 2016 2 commits
  10. 29 Jul, 2016 1 commit
  11. 07 Mar, 2016 2 commits
  12. 12 Feb, 2016 1 commit
  13. 11 Feb, 2016 1 commit
  14. 08 Feb, 2016 1 commit
  15. 01 Dec, 2015 2 commits
  16. 17 Nov, 2015 2 commits
  17. 26 Oct, 2015 3 commits
  18. 02 Oct, 2015 1 commit
  19. 25 Aug, 2015 2 commits
  20. 06 Aug, 2015 2 commits
  21. 21 Jul, 2015 2 commits
  22. 27 May, 2015 2 commits
  23. 14 May, 2015 2 commits
    • 1.9.16 · 6986e22b
      Simon McVittie authored
    • Security hardening: force EXTERNAL auth in session.conf on Unix · 084977cf
      Simon McVittie authored
      DBUS_COOKIE_SHA1 is dependent on unguessable strings, i.e.
      indirectly dependent on high-quality pseudo-random numbers
      whereas EXTERNAL authentication (credentials-passing)
      is mediated by the kernel and cannot be faked.
      
      On Windows, EXTERNAL authentication is not available,
      so we continue to use the hard-coded default (all
      authentication mechanisms are tried).
      
      Users of tcp: or nonce-tcp: on Unix will have to comment
      this out, but they would have had to use a special
      configuration anyway (to set the listening address),
      and the tcp: and nonce-tcp: transports are inherently
      insecure unless special steps are taken to have them
      restricted to a VPN or SSH tunnelling.
      
      Users of obscure Unix platforms (those that trigger
      the warning "Socket credentials not supported on this Unix OS"
      when compiling dbus-sysdeps-unix.c) might also have to
      comment this out, or preferably provide a tested patch
      to enable credentials-passing on that OS.
      
      Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90414
      Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>