diff options
author | Simon McVittie <smcv@collabora.com> | 2018-04-12 14:08:08 +0100 |
---|---|---|
committer | Simon McVittie <smcv@collabora.com> | 2018-04-25 16:48:17 +0100 |
commit | 682ab5e56493232bd67ae78df0a0ce825f4f1ec4 (patch) | |
tree | 0ae5215431264f2becc1cdcc7a366d2ddf75c945 | |
parent | c1c9ecaa8a3d6a23fa9eae71d37eafacb9c9b975 (diff) | |
download | dbus-682ab5e56493232bd67ae78df0a0ce825f4f1ec4.tar.gz |
dbus-daemon(1): Put some scary warnings on <allow_anonymous/>
I'm far from convinced that this option should even *exist*, but it
should definitely be documented as a very bad thing.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=106004
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
(cherry picked from commit 5d3680486712891c13b85c07fab629bb70f623cc)
-rw-r--r-- | doc/dbus-daemon.1.xml.in | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/doc/dbus-daemon.1.xml.in b/doc/dbus-daemon.1.xml.in index 094389df..899cec26 100644 --- a/doc/dbus-daemon.1.xml.in +++ b/doc/dbus-daemon.1.xml.in @@ -386,6 +386,13 @@ mechanism will be authorized to connect. This option has no practical effect unless the ANONYMOUS mechanism has also been enabled using the <emphasis remap='I'><auth></emphasis> element, described below.</para> +<para>Using this directive in the configuration of the well-known + system bus or the well-known session bus will make that bus insecure + and should never be done. Similarly, on custom bus types, using this + directive will usually make the custom bus insecure, unless its + configuration has been specifically designed to prevent anonymous + users from causing damage or escalating privileges.</para> + <itemizedlist remap='TP'> <listitem><para><emphasis remap='I'><listen></emphasis></para></listitem> |