The kdbuswreck
The kdbuswreck
Posted Apr 27, 2015 7:30 UTC (Mon) by cortana (subscriber, #24596)In reply to: The kdbuswreck by lsl
Parent article: The kdbuswreck
If you're saving passwords then you want to be sure that the 'org.freedesktop.secrets' address has not been taken by a password-stealing program.
Posted Apr 27, 2015 9:06 UTC (Mon)
by mchapman (subscriber, #66589)
[Link] (1 responses)
That seems like a completely orthogonal problem to me.
I'm going to reiterate what I said in my other post: D-Bus *already provides* the ability for a client to talk to "any object that implements a particular interface": simply replace the word "object" with "service" and "interface" with "object".
Posted Apr 27, 2015 9:16 UTC (Mon)
by mchapman (subscriber, #66589)
[Link]
Meh, I screwed that comment up. I should have said: simply replace the word "object" with "connection" and "interface" with "service".
That is, a D-Bus client does not care what connection provides a particular service; it relies on bus policy for that to be authorized appropriately.
That being said, I have the feeling there is very little stopping some malicious piece of software from killing off gnome-keyring-daemon, say, and grabbing the org.freedesktop.secrets bus name before GNOME has a chance to restart the daemon.
The kdbuswreck
The kdbuswreck