diff options
author | Simon McVittie <smcv@collabora.com> | 2018-04-12 14:09:19 +0100 |
---|---|---|
committer | Simon McVittie <smcv@collabora.com> | 2018-04-25 16:48:17 +0100 |
commit | a3a37f8bc2ab731b1771d8bab0b78dd37c8fd05e (patch) | |
tree | 8cf0fa0e5e42e2e0de4dbb160efdbc118893bcaa | |
parent | 682ab5e56493232bd67ae78df0a0ce825f4f1ec4 (diff) | |
download | dbus-a3a37f8bc2ab731b1771d8bab0b78dd37c8fd05e.tar.gz |
dbus-daemon(1): Recommend requiring EXTERNAL on non-Windows OSs
This is the default, and blocks TCP-based attacks by making the
attacker fail to authenticate (while also preventing inadvisable
TCP-based configurations from working).
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=106004
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
(cherry picked from commit aef4475939a773e1a205a71d641ea2bb6793ab92)
-rw-r--r-- | doc/dbus-daemon.1.xml.in | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/doc/dbus-daemon.1.xml.in b/doc/dbus-daemon.1.xml.in index 899cec26..42e3f86f 100644 --- a/doc/dbus-daemon.1.xml.in +++ b/doc/dbus-daemon.1.xml.in @@ -491,6 +491,10 @@ exist, then all known mechanisms are allowed. If there are multiple <auth> elements, all the listed mechanisms are allowed. The order in which mechanisms are listed is not meaningful.</para> +<para>On non-Windows operating systems, allowing only the + <literal>EXTERNAL</literal> authentication + mechanism is strongly recommended. This is the default for the + well-known system bus and for the well-known session bus.</para> <para>Example: <auth>EXTERNAL</auth></para> |