author: Simon McVittie <smcv@collabora.com> 2018-04-12 14:09:19 +0100
committer: Simon McVittie <smcv@collabora.com> 2018-04-25 16:48:17 +0100
commit: a3a37f8bc2ab731b1771d8bab0b78dd37c8fd05e
tree: 8cf0fa0e5e42e2e0de4dbb160efdbc118893bcaa
parent: 682ab5e56493232bd67ae78df0a0ce825f4f1ec4
dbus-daemon(1): Recommend requiring EXTERNAL on non-Windows OSs

This is the default, and blocks TCP-based attacks by making the attacker
fail to authenticate (while also preventing inadvisable TCP-based
configurations from working).

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=106004
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
(cherry picked from commit aef4475939a773e1a205a71d641ea2bb6793ab92)
-rw-r--r-- doc/dbus-daemon.1.xml.in | 4
1 files changed, 4 insertions, 0 deletions
diff --git a/doc/dbus-daemon.1.xml.in b/doc/dbus-daemon.1.xml.in
index 899cec26..42e3f86f 100644
--- a/doc/dbus-daemon.1.xml.in
+++ b/doc/dbus-daemon.1.xml.in
@@ -491,6 +491,10 @@ exist, then all known mechanisms are allowed. If there are multiple
&lt;auth&gt; elements, all the listed mechanisms are allowed. The order in
which mechanisms are listed is not meaningful.</para>
+<para>On non-Windows operating systems, allowing only the
+ <literal>EXTERNAL</literal> authentication
+ mechanism is strongly recommended. This is the default for the
+ well-known system bus and for the well-known session bus.</para>
<para>Example: &lt;auth&gt;EXTERNAL&lt;/auth&gt;</para>
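Review bot: The added sentence "This is the default for the well-known system bus and for the well-known session bus" sits directly below context stating that all known mechanisms are allowed when no &lt;auth&gt; elements exist, so a reader can take the two statements as contradictory. Say where that default is set, so it is clear that a custom configuration which omits &lt;auth&gt; does not end up EXTERNAL-only. The new paragraph also gives the recommendation without a reason: the commit message's rationale (an attacker connecting over TCP fails to authenticate) deserves a clause in the man page itself, and the "non-Windows" qualifier leaves Windows readers with no guidance at all.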