On Apr 17, 2015 5:42 AM, "Simon McVittie" <simon.mcvit...@collabora.co.uk> wrote:
>
> On 16/04/15 15:52, Andy Lutomirski wrote:
> > (I really think this dichotomy
> > needs to be removed, *especially* since it looks like code already
> > exists to try to use both metadata sources. This seems like it's just
> > asking for security screw-ups.)
>
> Would it address this concern if there was an explicit API separation
> into "things that can't be faked, suitable for authorization" and
> "things that could have been faked, only suitable for debugging" - such
> that the uid would be in the first set only, capabilities would be in
> the first set on kdbus but absent or in the second set on traditional
> D-Bus, and /proc/*/cmdline would always be in the second set?

It would certainly improve the sd-bus code, I think. I'm not a systemd developer, though. From the kernel side, I don't even see the point of reporting caps for debugging IPC things.

--Andy

_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
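The split Simon proposes above, "things that can't be faked, suitable for authorization" versus "things that could have been faked, only suitable for debugging", can be enforced at the type level so that an authorization routine cannot accept peer-controlled metadata by accident. The following is an added illustration and is not code from sd-bus, the kernel, or anyone in this thread. It assumes Linux, where `SO_PEERCRED` on an `AF_UNIX` socket yields the kernel-attested pid/uid/gid of the peer, and uses `/proc/<pid>/cmdline` as the example of debug-only data; the type names `AuthCredentials` and `DebugInfo` and the function names are my own. The self-check connects the process to itself over a socketpair so it runs without a D-Bus daemon.

```python
import os
import socket
import struct
from dataclasses import dataclass
from typing import AbstractSet, Optional

# Added example, not sd-bus or kernel code: model the proposed split as two distinct
# types so that authorization code cannot consume fakeable metadata by accident.


@dataclass(frozen=True)
class AuthCredentials:
    """Attested by the kernel for the connected AF_UNIX peer (SO_PEERCRED).
    Safe to use for authorization decisions."""
    pid: int
    uid: int
    gid: int


@dataclass(frozen=True)
class DebugInfo:
    """Self-reported by the peer (argv as seen in /proc/<pid>/cmdline).
    The peer controls this text, so it is only suitable for logging."""
    cmdline: str


def peer_credentials(sock: socket.socket) -> AuthCredentials:
    """Read the kernel-attested pid/uid/gid of the peer on a Unix socket (Linux only)."""
    raw = sock.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("3i"))
    pid, uid, gid = struct.unpack("3i", raw)
    return AuthCredentials(pid=pid, uid=uid, gid=gid)


def debug_info_for(pid: int) -> DebugInfo:
    """Collect the peer's cmdline for diagnostics; never feed this to authorize()."""
    try:
        with open(f"/proc/{pid}/cmdline", "rb") as fh:
            argv = fh.read().split(b"\0")
        return DebugInfo(" ".join(a.decode(errors="replace") for a in argv if a))
    except OSError:
        return DebugInfo("<unavailable>")


def authorize(creds: AuthCredentials, allowed_uids: AbstractSet[int]) -> bool:
    """Authorization consumes only AuthCredentials; anything else is refused outright."""
    if not isinstance(creds, AuthCredentials):
        raise TypeError("authorization requires kernel-attested credentials")
    return creds.uid in allowed_uids


def check_self() -> Optional[dict]:
    """Exercise the split end to end against ourselves over a socketpair.
    Returns None on platforms without SO_PEERCRED."""
    if not hasattr(socket, "SO_PEERCRED"):
        return None
    a, b = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        creds = peer_credentials(a)        # the peer of `a` is this very process (owner of `b`)
        info = debug_info_for(creds.pid)   # diagnostics only, never an authorization input
        try:
            authorize(info, frozenset({creds.uid}))  # wrong type: must be refused
            debug_rejected = False
        except TypeError:
            debug_rejected = True
        return {
            "pid_matches": creds.pid == os.getpid(),
            "uid_matches": creds.uid == os.getuid(),
            "allowed": authorize(creds, frozenset({creds.uid})),
            "denied_when_unlisted": not authorize(creds, frozenset()),
            "debug_info_rejected": debug_rejected,
            "cmdline": info.cmdline,
        }
    finally:
        a.close()
        b.close()


if __name__ == "__main__":
    print(check_self())
```

The design point is that the two sets are separate values with separate types, not two fields of one credentials object: an `authorize()` that only ever sees `AuthCredentials` has no way to read a cmdline, so the "both metadata sources" mix-up Andy objects to cannot happen in the caller. Capabilities would follow the same rule: a member of `AuthCredentials` only on a transport where the kernel attests them, and otherwise absent or demoted to `DebugInfo`.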