[Dev] Tizen 3.0 proposal for fixing OSP/WRT/Core hard-coded UID issue
jussi.laako at linux.intel.com
Mon Oct 14 09:22:00 GMT 2013
On 12.10.2013 1:16, Stéphane Desneux wrote:
> If we don't want to set a static address for the dbus session address
> (would it be a security hole ?), it may even be more tricky: the DBUS
> session address will be set when libdbus forks dbus--session, i.e. when
> the first dbus app will start. From a security POV, I prefer random
> sockets but it's even harder to define what's the correct environment to
> paste into the application process.
No, dbus session bus daemon should be started explicitly at session
creation (like on desktops) and it will generate a random address which
then gets set to the environment.
Now the environment seen by the dbus-daemon and any services launched by
it is fresh clean from the session creation and not something from any
If launcher is auto-started by session dbus-daemon it will automagically
inherit clean user environment and that will get properly passed on to
any launched applications.
Although for launcher you could rather use p2p dbus and not session bus
since you want to keep the launcher running always anyway and this way
you get more control over the environment. Address can be still random
and passed on as part of the session.
More information about the Dev