author | Simon McVittie <smcv@collabora.com> | 2018-04-12 13:57:00 +0100 |
---|---|---|
committer | Simon McVittie <smcv@collabora.com> | 2018-04-25 16:48:01 +0100 |
commit | 9bd0256f32c62c3eb5b5a2bff2bee975f0e1e36d (patch) | |
tree | 950e079e5fe68296506a4eeddbd7b26bd964b940 /doc | |
parent | 6ea8268c55361556131f010dcc69d57e56180097 (diff) | |
download | dbus-9bd0256f32c62c3eb5b5a2bff2bee975f0e1e36d.tar.gz dbus-9bd0256f32c62c3eb5b5a2bff2bee975f0e1e36d.tar.bz2 dbus-9bd0256f32c62c3eb5b5a2bff2bee975f0e1e36d.zip |
dbus-daemon(1): Say that non-local TCP is insecure
With some fairly reasonable threat models (active or passive local
attacker able to eavesdrop on the network link, confidential
information being transferred via D-Bus), secure authentication is
insufficient to make this transport secure: it does not protect
confidentiality or integrity either.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=106004
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
(cherry picked from commit 2513f84db68a9edad8558806b777ed6c284016b9)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/dbus-daemon.1.xml.in | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/doc/dbus-daemon.1.xml.in b/doc/dbus-daemon.1.xml.in index b029232d..891fbfb0 100644 --- a/doc/dbus-daemon.1.xml.in +++ b/doc/dbus-daemon.1.xml.in @@ -148,8 +148,10 @@ bus.</para> <varlistentry> <term><option>--address[=ADDRESS]</option></term> <listitem> -<para>Set the address to listen on. This option overrides the address -configured in the configuration file.</para> + <para>Set the address to listen on. This option overrides the address + configured in the configuration file via the + <literal><listen></literal> directive. + See the documentation of that directive for more details.</para> </listitem> </varlistentry> <varlistentry> @@ -395,6 +397,24 @@ effect unless the ANONYMOUS mechanism has also been enabled using the address is in the standard D-Bus format that contains a transport name plus possible parameters/options.</para> +<para>On platforms other than Windows, <literal>unix</literal>-based + transports (<literal>unix</literal>, <literal>systemd</literal>, + <literal>launchd</literal>) are the default for both the well-known + system bus and the well-known session bus, and are strongly + recommended.</para> + +<para> + On Windows, <literal>unix</literal>-based transports are not available, + so TCP-based transports must be used. + Similar to remote X11, the <literal>tcp</literal> and + <literal>nonce-tcp</literal> transports have no integrity or + confidentiality protection, so they should normally only be + used across the local loopback interface, for example using an + address like <literal>tcp:host=127.0.0.1</literal> or + <literal>nonce-tcp:host=localhost</literal>. In particular, + configuring the well-known system bus or the well-known session + bus to listen on a non-loopback TCP address is insecure. +</para> <para>Example: <listen>unix:path=/tmp/foo</listen></para> |
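Review bot: in the first hunk (the `--address` option), "See the documentation of that directive for more details" gives the reader nothing to navigate by; the `<listen>` directive is documented further down this same man page (the text the second hunk edits), so say where, for example "See the description of the `<listen>` directive in the configuration file section of this page", instead of the unanchored reference. Also confirm that the angle brackets in `<literal><listen></literal>` are entity-escaped in the XML source (`&lt;listen&gt;`); they appear bare in the rendering here, and a bare `<listen>` inside `<literal>` would not be well-formed DocBook.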
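Review bot: in the second hunk (the `<listen>` paragraphs), the two loopback examples are inconsistent in a way that undercuts the advice: `tcp:host=127.0.0.1` pins a loopback address, whereas `nonce-tcp:host=localhost` relies on name resolution the daemon does not control (a hosts-file entry or the resolver can map `localhost` to an IPv6 or even a non-loopback address), so use an explicit loopback address in both, e.g. `nonce-tcp:host=127.0.0.1`. Two smaller points: the loopback-only recommendation is introduced under "On Windows, `unix`-based transports are not available, so TCP-based transports must be used", but the lack of integrity and confidentiality protection applies wherever `tcp` or `nonce-tcp` is used, so the text from "Similar to remote X11" onward reads better as its own paragraph that is not conditional on Windows; and the paragraph says loopback is where these transports "should normally only be used" without saying what loopback does and does not buy (it keeps the bytes off the network link but still leaves the listener reachable by any local process, so authentication still matters there), which is worth a clause.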