author | Simon McVittie <smcv@collabora.com> | 2018-04-12 13:57:00 +0100 |
---|---|---|
committer | Simon McVittie <smcv@collabora.com> | 2018-04-23 18:27:44 +0100 |
commit | 2513f84db68a9edad8558806b777ed6c284016b9 (patch) | |
tree | abe7821b393bc20c8cbf2dc4c7df2321ef1adb29 /doc/dbus-specification.xml | |
parent | 17e28cb1b8cb07e8ffc21bc8449f5b452fb7f066 (diff) | |
download | dbus-2513f84db68a9edad8558806b777ed6c284016b9.tar.gz |
spec, dbus-daemon(1): Say that non-local TCP is insecure

With some fairly reasonable threat models (active or passive local
attacker able to eavesdrop on the network link, confidential
information being transferred via D-Bus), secure authentication is
insufficient to make this transport secure: it does not protect
confidentiality or integrity either.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=106004
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Reviewed-by: Philip Withnall <withnall@endlessm.com>

Diffstat (limited to 'doc/dbus-specification.xml')
-rw-r--r-- | doc/dbus-specification.xml | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/doc/dbus-specification.xml b/doc/dbus-specification.xml index b79d9ae3..b60868f5 100644 --- a/doc/dbus-specification.xml +++ b/doc/dbus-specification.xml @@ -3717,8 +3717,13 @@ located on the same or different hosts. </para> <para> - Using tcp transport without any additional secure authentification mechanismus - over a network is unsecure. + Similar to remote X11, the TCP transport has no integrity or + confidentiality protection, so it should normally only be + used across the local loopback interface, for example using an + address like <literal>tcp:host=127.0.0.1</literal> or + <literal>tcp:host=localhost</literal>. In particular, + configuring the well-known system bus or the well-known session + bus to listen on a non-loopback TCP address is insecure. </para> <para> On Windows and most Unix platforms, the TCP stack is unable to transfer |
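
Review bot: The added paragraph never says that authentication does not fix the problem, although that is the point the commit message makes and the removed sentence was specifically about authentication. A reader who remembers the old wording ("without any additional secure authentification mechanismus") could still conclude that a strong authentication mechanism makes non-loopback TCP acceptable. Consider extending the clause "has no integrity or confidentiality protection" to state that this holds regardless of the authentication mechanism in use. Separately, "should normally only be used across the local loopback interface" leaves the exception undefined; either drop "normally" or name the case in which a non-loopback address is considered acceptable.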