1. 17 Nov, 2015 2 commits
  2. 26 Oct, 2015 3 commits
  3. 02 Oct, 2015 1 commit
  4. 25 Aug, 2015 2 commits
  5. 06 Aug, 2015 2 commits
  6. 21 Jul, 2015 2 commits
  7. 27 May, 2015 2 commits
  8. 14 May, 2015 4 commits
    • Simon McVittie's avatar
      1.9.16 · 6986e22b
      Simon McVittie authored
      6986e22b
    • Simon McVittie's avatar
      Security hardening: force EXTERNAL auth in session.conf on Unix · 084977cf
      Simon McVittie authored
      DBUS_COOKIE_SHA1 is dependent on unguessable strings, i.e.
      indirectly dependent on high-quality pseudo-random numbers
      whereas EXTERNAL authentication (credentials-passing)
      is mediated by the kernel and cannot be faked.
      
      On Windows, EXTERNAL authentication is not available,
      so we continue to use the hard-coded default (all
      authentication mechanisms are tried).
      
      Users of tcp: or nonce-tcp: on Unix will have to comment
      this out, but they would have had to use a special
      configuration anyway (to set the listening address),
      and the tcp: and nonce-tcp: transports are inherently
      insecure unless special steps are taken to have them
      restricted to a VPN or SSH tunnelling.
      
      Users of obscure Unix platforms (those that trigger
      the warning "Socket credentials not supported on this Unix OS"
      when compiling dbus-sysdeps-unix.c) might also have to
      comment this out, or preferably provide a tested patch
      to enable credentials-passing on that OS.
      
      Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90414Reviewed-by: Ralf Habacker's avatarRalf Habacker <ralf.habacker@freenet.de>
      084977cf
    • Simon McVittie's avatar
      start towards 1.8.20 · 31489e1c
      Simon McVittie authored
      31489e1c
    • Simon McVittie's avatar
      1.8.18 · 1788e8f9
      Simon McVittie authored
      1788e8f9
  9. 12 May, 2015 1 commit
    • Simon McVittie's avatar
      Security hardening: force EXTERNAL auth in session.conf on Unix · d9ab8931
      Simon McVittie authored
      DBUS_COOKIE_SHA1 is dependent on unguessable strings, i.e.
      indirectly dependent on high-quality pseudo-random numbers
      whereas EXTERNAL authentication (credentials-passing)
      is mediated by the kernel and cannot be faked.
      
      On Windows, EXTERNAL authentication is not available,
      so we continue to use the hard-coded default (all
      authentication mechanisms are tried).
      
      Users of tcp: or nonce-tcp: on Unix will have to comment
      this out, but they would have had to use a special
      configuration anyway (to set the listening address),
      and the tcp: and nonce-tcp: transports are inherently
      insecure unless special steps are taken to have them
      restricted to a VPN or SSH tunnelling.
      
      Users of obscure Unix platforms (those that trigger
      the warning "Socket credentials not supported on this Unix OS"
      when compiling dbus-sysdeps-unix.c) might also have to
      comment this out, or preferably provide a tested patch
      to enable credentials-passing on that OS.
      
      Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90414
      d9ab8931
  10. 16 Apr, 2015 3 commits
  11. 04 Mar, 2015 2 commits
  12. 02 Mar, 2015 1 commit
  13. 24 Feb, 2015 2 commits
    • Simon McVittie's avatar
      Add dbus-update-activation-environment tool · 2a6cefbc
      Simon McVittie authored
      If OS builders (distributions) have chosen to use the per-user bus,
      this provides two possible modes of operation for compatibility with
      existing X session startup hooks.
      
      A legacy-free system can just upload DISPLAY, XAUTHORITY and possibly
      DBUS_SESSION_BUS_ADDRESS into dbus-daemon's and systemd's activation
      environments, similar to
      http://cgit.freedesktop.org/systemd/systemd/tree/xorg/50-systemd-user.sh
      installed by systemd (but unlike systemctl,
      dbus-update-activation-environment works for traditional
      D-Bus-activated services, not just for systemd services).
      
      A system where compatibility is required for environment variables
      exported by snippets in /etc/X11/xinit/xinitrc.d (in Red Hat derivatives,
      Gentoo, etc.) or /etc/X11/Xsession.d (Debian derivatives) can upload
      the entire environment of the X session, minus some selected environment
      variables which are specific to a login session (notably XDG_SESSION_ID).
      
      In Debian, I plan to put the former in a new dbus-user-session package
      that enables a user-session-centric mode of operation for D-Bus,
      and the latter in the existing dbus-x11 package, with the intention that
      dbus-x11 eventually becomes a tool for change-averse setups or goes
      away entirely.
      
      Bug: https://bugs.freedesktop.org/show_bug.cgi?id=61301Reviewed-by: Philip Withnall's avatarPhilip Withnall <philip.withnall@collabora.co.uk>
      2a6cefbc
    • Simon McVittie's avatar
      Optionally install systemd user units for a per-user bus · 263aca37
      Simon McVittie authored
      The socket path used here, $XDG_RUNTIME_DIR/bus, does not match
      what was used in user-session-units, but is what Lennart recommended
      on fd.o #61303, and is also what kdbus will use for its bus proxy.
      
      Installation of these units switches D-Bus to a different model of
      the system: instead of considering each login session (approximately,
      each password typed in) to be its own session, the user-session model
      is that all concurrent logins by the same user form one large session.
      This allows the same bus to be shared by a graphical session, cron jobs,
      tty/ssh sessions, screen/tmux sessions and so on.
      
      Because this is a different world-view, it is compile-time optional:
      OS builders can choose which world their OS will live in. The default
      is still the login-session model used in earlier D-Bus releases,
      but might change to the user-session model in future. Explicit
      configuration is recommended.
      
      In OSs that support both models (either for sysadmin flexibility or as
      a transitional measure), the OS builder should enable the user bus
      units, but split them off into a dpkg binary package, RPM subpackage etc.;
      the sysadmin can choose whether to enable the user-session model by
      choosing whether to install that package.
      
      Bug: https://bugs.freedesktop.org/show_bug.cgi?id=61301Reviewed-by: Philip Withnall's avatarPhilip Withnall <philip.withnall@collabora.co.uk>
      263aca37
  14. 23 Feb, 2015 1 commit
  15. 20 Feb, 2015 2 commits
  16. 19 Feb, 2015 2 commits
  17. 18 Feb, 2015 1 commit
  18. 16 Feb, 2015 1 commit
  19. 12 Feb, 2015 1 commit
  20. 09 Feb, 2015 2 commits
  21. 05 Feb, 2015 1 commit
  22. 04 Feb, 2015 1 commit
  23. 03 Feb, 2015 1 commit