--nextPart7627009.7qmrk42znS
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On Saturday 24 June 2006 12:14, Havoc Pennington wrote:
> I was looking at the comment at policy.c:457 , looking again the code
> right after the comment does not do what the comment says ;-)
>
> According to cvs history the code and the comment were in the same
> patch, so who knows what we intended...

I think it makes sense to say that, as a matter of policy, the system bus=20
should be used for anything that crosses privilege boundaries. I think it=20
also make sense to keep the current code as is and update the comment, sinc=
e=20
it doesn't seem to have bitten anyone so far that root can't connect to the=
=20
session bus.

The disadvantage is that you can't run an arbitrary program as root and tel=
l=20
it to connect to an existing session bus, but from a security pov that is=20
probably better anyway.

Cheers,
Waldo
=2D-=20
Linux Client Architect - Channel Platform Solutions Group - Intel Corporati=
on

--nextPart7627009.7qmrk42znS
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQBEntmHN4pvrENfboIRAjxOAKCV6tJgecIZcnkbzsZfFpg11CBWgQCfa1HB
gmsUVGTHgo+XKmaI/i53i+E=
=TG+j
-----END PGP SIGNATURE-----

--nextPart7627009.7qmrk42znS--