dbus-daemon(1): Recommend against remote TCP for debugging

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=106004 Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de> Reviewed-by: Philip Withnall <withnall@endlessm.com> [smcv: Add a TODO comment as suggested] Signed-off-by: Simon McVittie <smcv@collabora.com> (cherry picked from commit cf47380641)
2026-02-04 23:30:33 +01:00 · 2018-04-12 13:57:26 +01:00 · 2018-04-12 13:57:26 +01:00 · c1c9ecaa8a
commit c1c9ecaa8a
parent 9bd0256f32
1 changed files with 10 additions and 0 deletions
--- a/doc/dbus-daemon.1.xml.in
+++ b/doc/dbus-daemon.1.xml.in
@ -415,6 +415,16 @@ a transport name plus possible parameters/options.</para>
  configuring the well-known system bus or the well-known session
  bus to listen on a non-loopback TCP address is insecure.
 </para>
+<para>
+  Developers are sometimes tempted to use remote TCP as a debugging
+  tool. However, if this functionality is left enabled in finished
+  products, the result will be dangerously insecure. Instead of
+  using remote TCP, developers should <ulink
+    url="https://lists.freedesktop.org/archives/dbus/2018-April/017447.html"
+    >relay connections via Secure Shell or a similar protocol</ulink>.
+  <!-- TODO: Ideally someone would write a more formal guide to
+       remote D-Bus debugging, and we could link to that instead -->
+</para>

 <para>Example: &lt;listen&gt;unix:path=/tmp/foo&lt;/listen&gt;</para>