Hi,

Recently D-Bus version 1.8.2 has landed in the common image. Also, a new
Cynara version supporting an asynchronous API has been released, so I
believe it's time to push Cynara integration patches to the tizen branch
- now they are put in my sandbox. There are 40 commits for Cynara-DBus
daemon integration and 4 commits for "GetConnectionCredentials" method
smack support. The number of patches is pretty big, so I'll squash them into
several bigger ones before sending to review (unless you think it's not
required). I also prepared a wiki page on Cynara/D-Bus integration:
https://wiki.tizen.org/wiki/Security:Cynara:DBus_integration

Before I send the changes to the review there are several things I'd
like you to be aware of. The most important fact is that these patches
are very unlikely to be accepted in the upstream. The D-Bus maintainer made
it pretty clear [1]. The biggest problem is the fact that we're doing
asynchronous checks within the D-Bus daemon, which processes messages
synchronously. I believe that if checks were synchronous, the changes
would be acceptable.

The proposed alternative is to perform checks on the service side.
However, this is also problematic:
* additional code needs to be written
* services sending sensitive broadcast messages would have to be modified
* whether such patches will be accepted in the upstream is dubious as
Cynara is still a fresh project.
* connection credentials need to be obtained via
"GetConnectionCredentials" method which also makes the process less
efficient. Credentials could possibly be cached on the service side, but
it's also additional code to write.

Recent talks on the D-Bus mailing list suggest that in the future all
messages could contain connection credentials [2] which would make
integration process on the service side a bit easier. Such posts suggest
that performing checks on the service side is an approach that is
endorsed by the community. From my understanding it will also be the
suggested way of securing kdbus services.

So we basically have an option of securing services via configuration
files and directly in the services. Neither of these approaches is
perfect, but I believe at this point patching the dbus daemon and
maintaining security policy in individual configuration files is the better
solution. Especially considering the fact that Cynara integration in
the dbus daemon is done (but review is still needed).

[1] https://bugs.freedesktop.org/show_bug.cgi?id=86194#c5
[2] http://lists.freedesktop.org/archives/dbus/2014-November/016434.html

Best regards,
--
Jacek Bukarewicz
Samsung R&D Institute Poland
Samsung Electronics