[Dev] enforcing priviliges of web apps (was: Re: New Tizen Bluetooth Framwork (NTB) wiki page)
patrick.ohly at intel.com
Wed May 14 09:32:41 GMT 2014
On Wed, 2014-05-14 at 11:15 +0200, José Bollo wrote:
> On mer, 2014-05-14 at 10:33 +0300, Kis, Zoltan wrote:
> > On Wed, May 14, 2014 at 9:53 AM, Patrick Ohly <patrick.ohly at intel.com> wrote:
> > > 4. Cynara called by dbus-daemon, based on service configuration.
> > >
> > > The advantage of option 4 over 3 is that we don't need to touch the many
> > > entry points into upstream services. However, it depends on Cynara
> > > behaving well inside the dbus-daemon event loop - blocking synchronous
> > > calls definitely will be a showstopper there. It also won't work well
> > > with kdbus.
> > In my view (may be wrong and I expect security people to correct me)
> > we may be able to solve that.
> IIRC, this solution wasn't already debated.
> IMHO, this solution is costly: time to do it, time to maintain it, time
> to make it accepted upstream, dependency of DBus to cynara, the
> configuration process isn't obvious.
On the other hand, it only needs to be done once, and probably is more
secure than relying on D-Bus service implementers to do the right thing
in their code.
> It also have the drawback to be DBus specific, letting part of the world
> outside of the scope.
True, non-D-Bus still needs a solution. But that is a separate issue.
Best Regards, Patrick Ohly
The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.
More information about the Dev