On Sat Jan 24 14:08, Josselin Mouette wrote:
> On Saturday 24 January 2009 at 10:05 +0000, Matthew Johnson wrote:
> > Well, if they are using DBUS this should be fine. You cannot connect to
> > a session bus with a uid other than the one it is running as (including
> > root)
>
> Clearly that’s not the case, since the original issue happens over
> D-Bus. In this case, not for authentication, but clearly the application
> launched as root can connect to the session bus.

Well, clearly something else is going on because root can't connect to
the session bus here; this is on Lenny. I'm also part of DBus upstream
and AFAIK this part of the security policy has not changed:

=0 [mjj29] $ dbus-launch --sh-syntax
DBUS_SESSION_BUS_ADDRESS='unix:abstract=/tmp/dbus-NcM9i9iZek,guid=c8396b814246d79f7bc863b6497b356d';
export DBUS_SESSION_BUS_ADDRESS;
DBUS_SESSION_BUS_PID=12888;
=0 [mjj29] $ DBUS_SESSION_BUS_ADDRESS='unix:abstract=/tmp/dbus-NcM9i9iZek,guid=c8396b814246d79f7bc863b6497b356d';
=0 [mjj29] $ export DBUS_SESSION_BUS_ADDRESS;
=0 [mjj29] $ DBUS_SESSION_BUS_PID=12888;
=0 [mjj29] $ dbus-monitor
signal sender=org.freedesktop.DBus -> dest=:1.0 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=NameAcquired
   string ":1.0"
method call sender=:1.0 -> dest=org.freedesktop.DBus path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=AddMatch
   string "type='method_call'"
method call sender=:1.0 -> dest=org.freedesktop.DBus path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=AddMatch
   string "type='method_return'"
method call sender=:1.0 -> dest=org.freedesktop.DBus path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=AddMatch
   string "type='error'"
^C
=130 [mjj29] $ su
Password:
qadesh:/home/mjj29# echo $DBUS_SESSION_BUS_ADDRESS
unix:abstract=/tmp/dbus-NcM9i9iZek,guid=c8396b814246d79f7bc863b6497b356d
qadesh:/home/mjj29# dbus-monitor
Failed to open connection to session message bus: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
qadesh:/home/mjj29#

-- 
Matthew Johnson