    Security hardening: force EXTERNAL auth in session.conf on Unix · d9ab8931
    Simon McVittie authored
    DBUS_COOKIE_SHA1 is dependent on unguessable strings, i.e.
    indirectly dependent on high-quality pseudo-random numbers
    whereas EXTERNAL authentication (credentials-passing)
    is mediated by the kernel and cannot be faked.

    On Windows, EXTERNAL authentication is not available,
    so we continue to use the hard-coded default (all
    authentication mechanisms are tried).

    Users of tcp: or nonce-tcp: on Unix will have to comment
    this out, but they would have had to use a special
    configuration anyway (to set the listening address),
    and the tcp: and nonce-tcp: transports are inherently
    insecure unless special steps are taken to have them
    restricted to a VPN or SSH tunnelling.

    Users of obscure Unix platforms (those that trigger
    the warning "Socket credentials not supported on this Unix OS"
    when compiling dbus-sysdeps-unix.c) might also have to
    comment this out, or preferably provide a tested patch
    to enable credentials-passing on that OS.

    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90414
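
The credentials-passing check that the commit message contrasts with DBUS_COOKIE_SHA1, as an added Linux-only example (not code from dbus or from this commit): the server asks the kernel for the peer's uid with `SO_PEERCRED` and compares it with the uid the client claims. The function names `peer_credentials`, `external_auth_ok` and `demo` are hypothetical, and the in-process `socketpair()` stands in for a real client connection.

```c
#define _GNU_SOURCE /* exposes struct ucred on glibc */
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Ask the kernel who is on the other end of a connected AF_UNIX socket.
 * The values are recorded by the kernel when the connection is made;
 * the peer cannot choose them. Returns 0 on success, -1 on failure. */
int peer_credentials(int fd, struct ucred *out)
{
    socklen_t len = sizeof(*out);
    if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, out, &len) != 0)
        return -1;
    return len == sizeof(*out) ? 0 : -1;
}

/* Hypothetical server-side decision: accept the uid a client claims
 * only if it equals the uid the kernel reports for that connection.
 * Fails closed when credentials cannot be read. */
int external_auth_ok(int server_fd, uid_t claimed_uid)
{
    struct ucred cred;
    if (peer_credentials(server_fd, &cred) != 0)
        return 0;
    return cred.uid == claimed_uid;
}

/* Constructed scenario: both ends of a socketpair live in this process,
 * so the kernel-reported peer uid is getuid(). Returns 1 if the claim
 * is accepted, 0 if rejected, -1 if the socketpair could not be made. */
int demo(uid_t claimed_uid)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    int ok = external_auth_ok(sv[0], claimed_uid);
    close(sv[0]);
    close(sv[1]);
    return ok;
}

int main(void)
{
    printf("honest claim accepted: %d\n", demo(getuid()));
    printf("false claim accepted:  %d\n", demo(getuid() + 1));
    return 0;
}
```

Nothing in the decision depends on a secret or on random-number quality, which is the property the commit relies on when it restricts the session bus to EXTERNAL.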
bus
dbus
doc
modules
test
tools
CMakeLists.txt
ConfigureChecks.cmake
bus-test.bat.cmake
config.h.cmake
dbus-env.bat.cmake