Opened 4 years ago

Last modified 4 years ago

#1200 new enhancement/feature request

Missing config file for using the system D-Bus

Reported by: tuxmaster Owned by: cp15
Priority: major Milestone:
Component: dbus Version: git master
Severity: normal Keywords:
Cc:

Description

Hello, when using the system bus as an alternative to the session bus, then an special configure file will be needed for security reasons. It must be placed under /etc/dbus-1/system.d/.

I have attached it for review.

Attachments (1)

navit.conf (3.4 KB) - added by tuxmaster 4 years ago.
The D-Bus configurstion file

Download all attachments as: .zip

Change History (6)

Changed 4 years ago by tuxmaster

The D-Bus configurstion file

comment:1 Changed 4 years ago by usul

Thanks for your submission. I'm not sure if I understood what this is all about, can you please give us a bit more information?

comment:2 Changed 4 years ago by tuxmaster

Yes of course, when navit is build to run on the system d-bus (witch was default at me without modify any cmake options) all access to it written here(http://wiki.navit-project.org/index.php/Dbus) are rejected. This will happened, because all access on the system d-bus are restricted. Only the session d-bus are relative relax. So you must provide an access rule file like this in my attachment for the system d-bus to get navit run.

comment:3 Changed 4 years ago by tryagain

Hi!

Wouldn't it be better to switch our default to use session dbus?

I'm not familiar with dbus, but word 'system' turns my paranoid mode on. It could be a security risk to allow other users in system control navit by default.

Also, all examples on wiki seem to connect to session dbus.

tryagain.

Last edited 4 years ago by tryagain (previous) (diff)

comment:4 Changed 4 years ago by tuxmaster

Hello, I think is some more complex. As I know sessions bus is limit to the current user, so that only the user owned the process can used the dbus for navit. When it shut work above user boarders then the system bus is needed. Here must be defined which function can be called by which user/group.

comment:5 Changed 4 years ago by sleske

I have not looked deeply into this issue either, but I tend to agree with tryagain.

Using the system DBus, and modifying system-wide configuration seems dangerous and unnecessary. I do not see the need to control Navit from a user different from the one it is running under. So the default should probably be switched to use session DBus.

Note: See TracTickets for help on using tickets.