fdo-mirrors/dbus
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/dbus/dbus.git synced 2026-02-13 10:30:30 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
dbus/bus
History
Simon McVittie 02e1ddf91e Revert "config: change default auth_timeout to 5 seconds" 
This reverts commit 54d26df52b.

It appears this change may cause intermittent slow or failed boot,
more commonly on slower/older machines, in at least Mageia and
possibly also Debian. This would indicate that while the system
is under load, system services are not completing authentication
within 5 seconds.

This change was not the main part of fixing CVE-2014-3639, but does
help to mitigate that attack. As such, increasing this timeout makes
the denial of service attack described by CVE-2014-3639 somewhat
more effective: a local user connecting to the system bus repeatedly
from many parallel processes can cause other users' attempts to
connect to take longer.

If your machine boots reliably with the shorter timeout, and
resilience against local denial of service attacks is important
to you, putting this in /etc/dbus-1/system-local.conf
or a file matching /etc/dbus-1/system.d/*.conf can restore
the lower limit:

    <busconfig>
      <limit name="auth_timeout">5000</limit>
    </busconfig>

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=86431
2014-11-22 10:49:21 +00:00
..
.gitignore Rename bus-test-launch-helper to test-bus-launch_helper to match common test application naming scheme. 2014-01-17 16:29:37 +00:00
activation-exit-codes.h Bug 21161 - Update the FSF address 2009-07-14 15:39:47 -04:00
activation-helper-bin.c launch-helper: fix error code parsing 2013-10-09 10:51:39 +01:00
activation-helper.c launch-helper: fix error code parsing 2013-10-09 10:51:39 +01:00
activation-helper.h Bug 21161 - Update the FSF address 2009-07-14 15:39:47 -04:00
activation.c CVE-2014-7824: set fd rlimit to 64k for the system dbus-daemon 2014-11-06 15:31:07 +00:00
activation.h CVE-2014-3477: deliver activation errors correctly, fixing Denial of Service 2014-06-05 14:36:17 +01:00
bus.c Set error when message delivery is denied due to receive rule 2014-11-14 18:40:50 +00:00
bus.h CVE-2014-7824: set fd rlimit to 64k for the system dbus-daemon 2014-11-06 15:31:07 +00:00
config-loader-expat.c Fixed gcc on windows limitation 2010-03-20 21:53:57 +01:00
config-parser-common.c Do not use the name ELEMENT_TYPE 2011-03-07 13:50:38 +00:00
config-parser-common.h Do not use the name ELEMENT_TYPE 2011-03-07 13:50:38 +00:00
config-parser-trivial.c tests to embedded tests: replaced in dbus-daemon 2013-06-28 12:13:28 +01:00
config-parser-trivial.h Merge branch 'dbus-1.2' 2010-06-22 17:25:20 +01:00
config-parser.c Revert "config: change default auth_timeout to 5 seconds" 2014-11-22 10:49:21 +00:00
config-parser.h Consistently include <config.h> in all C source files and never in header files. 2010-03-19 20:11:48 +01:00
connection.c Log to syslog when auth_timeout drops an incomplete connection 2014-11-22 10:49:21 +00:00
connection.h Stop listening on DBusServer sockets when reaching max_incomplete_connections 2014-09-15 12:28:37 +01:00
dbus.service.in Add "Documentation=man:dbus-daemon(1)" line to systemd service 2014-04-28 15:42:11 +01:00
dbus.socket.in systemd: enable the dbus service unconditionally 2010-09-06 03:21:17 +02:00
desktop-file.c Fix dbus-daemon crash due to invalid service file 2013-06-12 13:42:00 +01:00
desktop-file.h Remove unused key-word of DBus .service file 2013-10-09 10:53:38 +01:00
dir-watch-default.c Fix warnings on Windows builds. 2010-04-14 08:26:40 +02:00
dir-watch-inotify.c fix whitespace 2013-08-23 11:54:01 +01:00
dir-watch-kqueue.c kqueue: open watched directories with close-on-exec flag 2014-01-06 16:04:44 +00:00
dir-watch.h Clean up inotify watch handling 2010-02-01 16:22:56 -05:00
dispatch.c BusTransaction: remove confusing getter of connections 2014-01-06 15:59:18 +00:00
dispatch.h Bug 21161 - Update the FSF address 2009-07-14 15:39:47 -04:00
driver.c Cleanup: simplify assertion check 2013-08-23 11:54:34 +01:00
driver.h Bug 21161 - Update the FSF address 2009-07-14 15:39:47 -04:00
expirelist.c tests to embedded tests: replaced in dbus-daemon 2013-06-28 12:13:28 +01:00
expirelist.h Bug 21161 - Update the FSF address 2009-07-14 15:39:47 -04:00
main.c Use SIGHUP without check in UNIX environment 2013-11-01 11:35:58 +00:00
Makefile.am Rename bus-test-launch-helper to test-bus-launch_helper to match common test application naming scheme. 2014-01-17 16:29:37 +00:00
messagebus-config.in Applied patches from cygwin port. 2010-08-10 08:25:24 +02:00
messagebus.in Fix use of $servicename in status 2010-07-09 11:52:59 -04:00
org.freedesktop.dbus-session.plist.in 10.4 is old so set more sensible launchd defaults. 2010-12-09 08:20:07 +01:00
policy.c tests to embedded tests: replaced in dbus-daemon 2013-06-28 12:13:28 +01:00
policy.h tests to embedded tests: replaced in dbus-daemon 2013-06-28 12:13:28 +01:00
rc.messagebus.in [legacy init script] Fix the use of $servicename 2010-04-23 12:02:19 -04:00
selinux.c selinux: Use selinux_set_mapping() to avoid hardcoded constants for policy 2013-11-07 14:52:27 -05:00
selinux.h Fix compilation in --disable-selinux case 2010-02-02 15:04:58 -05:00
services.c CVE-2014-3477: deliver activation errors correctly, fixing Denial of Service 2014-06-05 14:36:17 +01:00
services.h Bug 21161 - Update the FSF address 2009-07-14 15:39:47 -04:00
session.conf.in config: add new limit: pending_fd_timeout 2014-09-15 12:29:30 +01:00
signals.c Merge branch 'dbus-1.6' 2013-10-23 17:15:56 +01:00
signals.h Revert all changes since a36d4918a6 2012-01-04 17:44:23 +00:00
stats.c Stats: fix compilation issue 2014-09-04 15:42:45 +01:00
stats.h Revert addition of files which were only meant to exist on master, too 2012-01-23 10:27:32 +00:00
system.conf.in Clean up and clarify default system policy 2008-12-18 15:34:24 -05:00
test-launch-helper.c Export dbus_setenv() as a utility function 2013-08-23 11:40:50 +01:00
test-main.c tests to embedded tests: replaced in dbus-daemon 2013-06-28 12:13:28 +01:00
test-system.c tests to embedded tests: replaced in dbus-daemon 2013-06-28 12:13:28 +01:00
test.c tests to embedded tests: replaced in dbus-daemon 2013-06-28 12:13:28 +01:00
test.h tests to embedded tests: replaced in dbus-daemon 2013-06-28 12:13:28 +01:00
utils.c Bug 21161 - Update the FSF address 2009-07-14 15:39:47 -04:00
utils.h Bug 21161 - Update the FSF address 2009-07-14 15:39:47 -04:00