|
|
Log in / Subscribe / Register

The kdbuswreck

The kdbuswreck

Posted Apr 22, 2015 22:24 UTC (Wed) by corbet (editor, #1)
In reply to: The kdbuswreck by mezcalero
Parent article: The kdbuswreck

Oh well, if you don't believe what the kdbus folks say, how about actually *checking* the kdbus code? It's all open, for review. Also why would you assume that the kdbus developers are dishonest about this?

Oh come on, now you are just looking for trouble. Who said anything about dishonesty?

From Andy:

But I don't believe that for a second. AFAICS sd-bus (maybe the primary implementation) will always set that flag if for no other reason than that it *doesn't know* when the client is trying to assert a capability. So we'd be giving users a gun which is, in practice, only ever pointed at the users' feet.

He's not calling anybody dishonest either. He's saying the optionality at one level of the code is unlikely to make it through to real-world use. I believe you knew this.

With regard to the title...perhaps it was a bad choice, but "buswreck" (or "trainwreck") is a fairly common English term for an unfortunate situation. I still believe that you have to stretch pretty hard to say that "The kdbuswreck" (note "the") somehow refers to the code. And I'm somewhat amused by your statement that people read only my titles and not the actual text...

to post comments

The kdbuswreck

Posted Apr 22, 2015 22:31 UTC (Wed) by branden (guest, #7029) [Link] (2 responses)

Next time, dear editor, just call it a clusterf*ck. :-|

The kdbuswreck

Posted Apr 23, 2015 4:21 UTC (Thu) by bronson (subscriber, #4806) [Link] (1 responses)

"The kdbust" has a more hopeless ring to it. :)

The kdbuswreck

Posted Apr 24, 2015 13:24 UTC (Fri) by ncm (guest, #165) [Link]

It would most precisely be called a "dust-up".

The kdbuswreck

Posted Apr 22, 2015 22:56 UTC (Wed) by mezcalero (subscriber, #45103) [Link]

To state this clearly: sd-bus allows overriding of both creds mask. By default though the receiving mask sets uid/pid/selinux label/caps, since that what is necessary for basic authentication. The sending mask allows all bits. If you choose to deviate from this, you can freely set other masks, note though that if you suppress the creds necessary for authorization this has the effect that all services that want to authorize will deny access to you, but I figure that's hardly surprising.

The kdbuswreck

Posted Apr 23, 2015 8:22 UTC (Thu) by edomaur (subscriber, #14520) [Link]

Well, I agree with Lennart, before reading the article, I assumed that it was, in fact, about the codebase.


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds