mirror of
https://gitlab.freedesktop.org/dbus/dbus.git
synced 2026-05-01 02:08:03 +02:00
dbus-daemon(1): Put some scary warnings on <allow_anonymous/>
I'm far from convinced that this option should even *exist*, but it
should definitely be documented as a very bad thing.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=106004
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
(cherry picked from commit 5d36804867)
This commit is contained in:
Simon McVittie
parent
c1c9ecaa8a
commit
682ab5e564
1 changed files with 7 additions and 0 deletions
|
|
@ -386,6 +386,13 @@ mechanism will be authorized to connect. This option has no practical
|
|||
effect unless the ANONYMOUS mechanism has also been enabled using the
|
||||
<emphasis remap='I'><auth></emphasis> element, described below.</para>
|
||||
|
||||
<para>Using this directive in the configuration of the well-known
|
||||
system bus or the well-known session bus will make that bus insecure
|
||||
and should never be done. Similarly, on custom bus types, using this
|
||||
directive will usually make the custom bus insecure, unless its
|
||||
configuration has been specifically designed to prevent anonymous
|
||||
users from causing damage or escalating privileges.</para>
|
||||
|
||||
<itemizedlist remap='TP'>
|
||||
|
||||
<listitem><para><emphasis remap='I'><listen></emphasis></para></listitem>
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue