author: Simon McVittie <simon.mcvittie@collabora.co.uk> 2014-11-14 19:14:13 +0000
committer: Simon McVittie <simon.mcvittie@collabora.co.uk> 2014-11-14 19:14:13 +0000
commit: 34e5fdee4e5e43b8563e6e02b8bdc94c083b2f47 (patch)
tree: 96bb7635d3310786fb6eea365d2206926ef745b9 /README
parent: 312274137b39dc63d079e7d85394a0ce28394a11 (diff)
download: dbus-34e5fdee4e5e43b8563e6e02b8bdc94c083b2f47.tar.gz
README, HACKING: add some brief notes on reporting security vulnerabilities
We now have a private mailing list that can be the security contact.
Diffstat (limited to 'README')
-rw-r--r--  README  19
1 files changed, 19 insertions, 0 deletions
diff --git a/README b/README
index aea83300..0257e69d 100644
--- a/README
+++ b/README
@@ -29,6 +29,25 @@ If your use-case isn't one of these, D-Bus may still be useful, but
only by accident; so you should evaluate carefully whether D-Bus makes
sense for your project.
+Security
+==
+
+If you find a security vulnerability that is not known to the public,
+please report it privately to dbus-security@lists.freedesktop.org
+or by reporting a freedesktop.org bug that is marked as
+restricted to the "D-BUS security group" (you might need to "Show
+Advanced Fields" to have that option).
+
+On Unix systems, the system bus (dbus-daemon --system) is designed
+to be a security boundary between users with different privileges.
+
+On Unix systems, the session bus (dbus-daemon --session) is designed
+to be used by a single user, and only accessible by that user.
+
+We do not currently consider D-Bus on Windows to be security-supported,
+and we do not recommend allowing untrusted users to access Windows
+D-Bus via TCP.
+
Note: low-level API vs. high-level binding APIs
===
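Review bot: The reporting instructions in the new Security section name a mailing list but give no URL or product name for the "freedesktop.org bug" route, so a reporter has to guess where the restricted "D-BUS security group" option lives; consider adding the bug tracker URL next to "reporting a freedesktop.org bug that is marked as / restricted to the "D-BUS security group"", and stating whether encrypted reports to dbus-security@lists.freedesktop.org are accepted. The two "On Unix systems" paragraphs describing the system bus and session bus boundaries could also be merged into one, since they share the same opening and together define the supported threat model that the following Windows paragraph contrasts against.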