diff options
author | Alban Crequy <alban.crequy@collabora.co.uk> | 2014-07-08 12:00:58 +0100 |
---|---|---|
committer | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2014-09-15 19:20:17 +0100 |
commit | a3477feb7aa8658602cceb8d29ae370a83002172 (patch) | |
tree | fdc9e8990e57414b55c7648f8e7732e91c732b6d | |
parent | 346da99f7620e6901e7c7babd4590fcc5aac32bf (diff) | |
download | dbus-a3477feb7aa8658602cceb8d29ae370a83002172.tar.gz |
config: change default auth_timeout to 5 seconds
This partially addresses CVE-2014-3639.
This will change the default on the system bus where the limit
<limit name="auth_timeout">...</limit>
is not specified.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80919
Reviewed-by: Thiago Macieira <thiago@kde.org>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
(cherry picked from commit 54d26df52b6a394bea175651d1d7ad2ab3f87dea)
-rw-r--r-- | bus/config-parser.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/bus/config-parser.c b/bus/config-parser.c index cc29ef44..95d69a48 100644 --- a/bus/config-parser.c +++ b/bus/config-parser.c @@ -427,7 +427,7 @@ bus_config_parser_new (const DBusString *basedir, * and legitimate auth will fail. If interactive auth (ask user for * password) is allowed, then potentially it has to be quite long. */ - parser->limits.auth_timeout = 30000; /* 30 seconds */ + parser->limits.auth_timeout = 5000; /* 5 seconds */ parser->limits.max_incomplete_connections = 64; parser->limits.max_connections_per_user = 256; |