mirror of
https://gitlab.freedesktop.org/dbus/dbus.git
synced 2026-05-05 07:38:20 +02:00
dbus-daemon(1): Put some scary warnings on <allow_anonymous/>
I'm far from convinced that this option should even *exist*, but it should definitely be documented as a very bad thing. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=106004 Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de> Reviewed-by: Philip Withnall <withnall@endlessm.com>
This commit is contained in:
Simon McVittie
parent
7fc89fb1f8
commit
5d36804867
1 changed files with 7 additions and 0 deletions
|
|
@ -386,6 +386,13 @@ mechanism will be authorized to connect. This option has no practical
|
|||
effect unless the ANONYMOUS mechanism has also been enabled using the
|
||||
<emphasis remap='I'><auth></emphasis> element, described below.</para>
|
||||
|
||||
<para>Using this directive in the configuration of the well-known
|
||||
system bus or the well-known session bus will make that bus insecure
|
||||
and should never be done. Similarly, on custom bus types, using this
|
||||
directive will usually make the custom bus insecure, unless its
|
||||
configuration has been specifically designed to prevent anonymous
|
||||
users from causing damage or escalating privileges.</para>
|
||||
|
||||
<itemizedlist remap='TP'>
|
||||
|
||||
<listitem><para><emphasis remap='I'><listen></emphasis></para></listitem>
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue