fdo-mirrors/dbus
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/dbus/dbus.git synced 2026-01-11 07:30:18 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
dbus/bus
History
Simon McVittie d9ab893182 Security hardening: force EXTERNAL auth in session.conf on Unix 
DBUS_COOKIE_SHA1 is dependent on unguessable strings, i.e.
indirectly dependent on high-quality pseudo-random numbers
whereas EXTERNAL authentication (credentials-passing)
is mediated by the kernel and cannot be faked.

On Windows, EXTERNAL authentication is not available,
so we continue to use the hard-coded default (all
authentication mechanisms are tried).

Users of tcp: or nonce-tcp: on Unix will have to comment
this out, but they would have had to use a special
configuration anyway (to set the listening address),
and the tcp: and nonce-tcp: transports are inherently
insecure unless special steps are taken to have them
restricted to a VPN or SSH tunnelling.

Users of obscure Unix platforms (those that trigger
the warning "Socket credentials not supported on this Unix OS"
when compiling dbus-sysdeps-unix.c) might also have to
comment this out, or preferably provide a tested patch
to enable credentials-passing on that OS.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90414
2015-05-12 11:54:50 +01:00
..
.gitignore Rename bus-test-launch-helper to test-bus-launch_helper to match common test application naming scheme. 2014-01-17 16:29:37 +00:00
activation-exit-codes.h Bug 21161 - Update the FSF address 2009-07-14 15:39:47 -04:00
activation-helper-bin.c launch-helper: fix error code parsing 2013-10-09 10:51:39 +01:00
activation-helper.c launch-helper: fix error code parsing 2013-10-09 10:51:39 +01:00
activation-helper.h Bug 21161 - Update the FSF address 2009-07-14 15:39:47 -04:00
activation.c CVE-2014-7824: set fd rlimit to 64k for the system dbus-daemon 2014-11-06 15:31:07 +00:00
activation.h CVE-2014-3477: deliver activation errors correctly, fixing Denial of Service 2014-06-05 14:36:17 +01:00
bus.c Set error when message delivery is denied due to receive rule 2014-11-14 18:40:50 +00:00
bus.h CVE-2014-7824: set fd rlimit to 64k for the system dbus-daemon 2014-11-06 15:31:07 +00:00
config-loader-expat.c Fixed gcc on windows limitation 2010-03-20 21:53:57 +01:00
config-parser-common.c Do not use the name ELEMENT_TYPE 2011-03-07 13:50:38 +00:00
config-parser-common.h Do not use the name ELEMENT_TYPE 2011-03-07 13:50:38 +00:00
config-parser-trivial.c tests to embedded tests: replaced in dbus-daemon 2013-06-28 12:13:28 +01:00
config-parser-trivial.h Merge branch 'dbus-1.2' 2010-06-22 17:25:20 +01:00
config-parser.c Revert "config: change default auth_timeout to 5 seconds" 2014-11-22 10:49:21 +00:00
config-parser.h Consistently include <config.h> in all C source files and never in header files. 2010-03-19 20:11:48 +01:00
connection.c Log to syslog when auth_timeout drops an incomplete connection 2014-11-22 10:49:21 +00:00
connection.h Stop listening on DBusServer sockets when reaching max_incomplete_connections 2014-09-15 12:28:37 +01:00
dbus.service.in Add "Documentation=man:dbus-daemon(1)" line to systemd service 2014-04-28 15:42:11 +01:00
dbus.socket.in systemd: enable the dbus service unconditionally 2010-09-06 03:21:17 +02:00
desktop-file.c Fix dbus-daemon crash due to invalid service file 2013-06-12 13:42:00 +01:00
desktop-file.h Remove unused key-word of DBus .service file 2013-10-09 10:53:38 +01:00
dir-watch-default.c Fix warnings on Windows builds. 2010-04-14 08:26:40 +02:00
dir-watch-inotify.c fix whitespace 2013-08-23 11:54:01 +01:00
dir-watch-kqueue.c kqueue: open watched directories with close-on-exec flag 2014-01-06 16:04:44 +00:00
dir-watch.h Clean up inotify watch handling 2010-02-01 16:22:56 -05:00
dispatch.c BusTransaction: remove confusing getter of connections 2014-01-06 15:59:18 +00:00
dispatch.h Bug 21161 - Update the FSF address 2009-07-14 15:39:47 -04:00
driver.c Hardening: only allow the uid of the dbus-daemon to call UpdateActivationEnvironment 2015-01-01 23:32:22 +00:00
driver.h Hardening: reject UpdateActivationEnvironment on non-canonical path 2015-01-01 23:32:16 +00:00
expirelist.c tests to embedded tests: replaced in dbus-daemon 2013-06-28 12:13:28 +01:00
expirelist.h Bug 21161 - Update the FSF address 2009-07-14 15:39:47 -04:00
main.c Use SIGHUP without check in UNIX environment 2013-11-01 11:35:58 +00:00
Makefile.am Rename bus-test-launch-helper to test-bus-launch_helper to match common test application naming scheme. 2014-01-17 16:29:37 +00:00
messagebus-config.in Applied patches from cygwin port. 2010-08-10 08:25:24 +02:00
messagebus.in Fix use of $servicename in status 2010-07-09 11:52:59 -04:00
org.freedesktop.dbus-session.plist.in 10.4 is old so set more sensible launchd defaults. 2010-12-09 08:20:07 +01:00
policy.c tests to embedded tests: replaced in dbus-daemon 2013-06-28 12:13:28 +01:00
policy.h tests to embedded tests: replaced in dbus-daemon 2013-06-28 12:13:28 +01:00
rc.messagebus.in [legacy init script] Fix the use of $servicename 2010-04-23 12:02:19 -04:00
selinux.c selinux: Use selinux_set_mapping() to avoid hardcoded constants for policy 2013-11-07 14:52:27 -05:00
selinux.h Fix compilation in --disable-selinux case 2010-02-02 15:04:58 -05:00
services.c CVE-2014-3477: deliver activation errors correctly, fixing Denial of Service 2014-06-05 14:36:17 +01:00
services.h Bug 21161 - Update the FSF address 2009-07-14 15:39:47 -04:00
session.conf.in Security hardening: force EXTERNAL auth in session.conf on Unix 2015-05-12 11:54:50 +01:00
signals.c Merge branch 'dbus-1.6' 2013-10-23 17:15:56 +01:00
signals.h Revert all changes since a36d4918a6 2012-01-04 17:44:23 +00:00
stats.c Hardening: only accept Stats function calls at the canonical object path 2015-01-01 23:33:10 +00:00
stats.h Revert addition of files which were only meant to exist on master, too 2012-01-23 10:27:32 +00:00
system.conf.in CVE-2015-0245: prevent forged ActivationFailure from non-root processes 2015-02-04 16:45:16 +00:00
test-launch-helper.c Export dbus_setenv() as a utility function 2013-08-23 11:40:50 +01:00
test-main.c tests to embedded tests: replaced in dbus-daemon 2013-06-28 12:13:28 +01:00
test-system.c tests to embedded tests: replaced in dbus-daemon 2013-06-28 12:13:28 +01:00
test.c tests to embedded tests: replaced in dbus-daemon 2013-06-28 12:13:28 +01:00
test.h tests to embedded tests: replaced in dbus-daemon 2013-06-28 12:13:28 +01:00
utils.c Bug 21161 - Update the FSF address 2009-07-14 15:39:47 -04:00
utils.h Bug 21161 - Update the FSF address 2009-07-14 15:39:47 -04:00