
List:       freedesktop-dbus
Subject:    Re: where is dbus 1.2 ?
From:       "Havoc Pennington" <hp () pobox ! com>
Date:       2008-02-20 1:37:33
Message-ID: 2cef5bf40802191737q447236ddk549df81da20ed8de () mail ! gmail ! com

Hi,

On Feb 19, 2008 4:20 AM, Gavrie Philipson <gavrie@gmail.com> wrote:
> Would this be safe enough to leave in production code? According to the
> description of the dbus_connection_set_allow_anonymous function in the code, it
> applies only when ANONYMOUS is listed among the authentication mechanisms, which
> is not the case on production systems.
>

I think it is probably safe, but to be honest I'm not sure... I guess
keeping it separate from the auth mechanism list was just pedantic,
but maybe I had some reason for it.

Aside from security, there's the matter of workingness - I don't know
if the bus daemon code handles things correctly if connection_get_user
doesn't return a user.

So I would suggest looking over the codepaths that are involved. It's
probably slightly safer as well to set some type of flag when setting
up the auth mechanisms, and only allow_anonymous if there's an
anonymous auth mechanism.

Havoc
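
One way to express the suggestion above, as an added example that is not from the original message or from the D-Bus code base: a stand-alone C model in which the allow-anonymous setting only takes effect when ANONYMOUS is among the configured mechanisms, and a connection with no user is rejected otherwise. The struct, the function names and the sample mechanism lists are hypothetical and constructed for illustration; none of them are libdbus API.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of a server's auth setup; these are not libdbus types. */
struct auth_setup {
    bool anonymous_mech;   /* flag recorded when the mechanism list is set */
    bool allow_anonymous;  /* what the caller requested */
};

/* Record whether ANONYMOUS is in the NULL-terminated mechanism list.
 * Assumption: a NULL list is treated as "ANONYMOUS not configured". */
void setup_mechanisms(struct auth_setup *s, const char *const *mechs)
{
    s->anonymous_mech = false;
    for (; mechs != NULL && *mechs != NULL; mechs++)
        if (strcmp(*mechs, "ANONYMOUS") == 0)
            s->anonymous_mech = true;
}

/* The request is stored, but on its own it grants nothing. */
void request_allow_anonymous(struct auth_setup *s, bool value)
{
    s->allow_anonymous = value;
}

/* Anonymous access is effective only when both conditions hold. */
bool anonymous_effective(const struct auth_setup *s)
{
    return s->allow_anonymous && s->anonymous_mech;
}

enum admit { ADMIT_USER, ADMIT_ANONYMOUS, REJECT };

/* have_user models a "get user" lookup that can fail. A peer without a
 * user is admitted only through the explicit anonymous path. */
enum admit admit_connection(const struct auth_setup *s, bool have_user)
{
    if (have_user)
        return ADMIT_USER;
    return anonymous_effective(s) ? ADMIT_ANONYMOUS : REJECT;
}

int main(void)
{
    /* Constructed sample configuration without ANONYMOUS. */
    const char *const prod[] = { "EXTERNAL", "DBUS_COOKIE_SHA1", NULL };
    struct auth_setup s = { false, false };
    setup_mechanisms(&s, prod);
    request_allow_anonymous(&s, true);
    printf("no user, no ANONYMOUS mechanism: %d\n", admit_connection(&s, false));
    return 0;
}
```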