Le mercredi 26 novembre 2014 à 14:48 +0100, Jacek Bukarewicz a écrit : > Hi, > > Recently D-Bus version 1.8.2 has landed in the common image. Also, new > Cynara version supporting asynchronous API has been released, so I > believe it's time to push Cynara integration patches to the tizen branch > - now they are put in my sandbox. There are 40 commits for Cynara-DBus > daemon integration and 4 commits for "GetConnectionCredentials" method > smack support. Number of patches is pretty big so I'll squash them into > several bigger ones before sending to review (unless you think it's not > required). I also prepared a wiki page on Cynara/D-Bus integration: > https://wiki.tizen.org/wiki/Security:Cynara:DBus_integration > > Before I send the changes to the review there are several things I'd > like you to be aware of. The most important fact is that these patches > are very unlikely to be accepted in the upstream. D-Bus maintainer made > it pretty clear [1]. The biggest problem is the fact that we're doing > asynchronous checks within D-Bus daemon which processes messages > synchronously. I believe that if checks were synchronous, the changes > would be acceptable. > The proposed alternative is to perform checks on the service side. > However, this is also problematic: > * additional code needs to be written > * services sending sensitive broadcast messages would have to be modified > * whether such patches will be accepted in the upstream is dubious as > Cynara is still a fresh project. > * connection credentials needs to be obtained via > "GetConnectionCredentials" method which also makes the process less > efficient. Credentials could possibly be cached on the service side, but > it's also additional code to write.
Hi Jaceck, This last is a big evolution from previous DBUS version. I'm not sure to understand why it "makes the process less efficient". However it may break some legacy code. I've searched quickly in some copies of tizen.org repo and did not found much references to GetConnectionUnixUser (cynara, crosswalk) or GetConnectionSmackContext (no package). Thus including a legacy function for GetConnectionSmackContext is not needed. > Recent talks on the D-Bus mailing list suggest that in the future all > messages could contain connection credentials [2] which would make > integration process on the service side a bit easier. Such posts suggest > that performing checks on the service side is an approach that is > endorsed by the community. From my understanding it will also be the > suggested way of securing kdbus services. That is very interesting. Thank you for that input, even if it exclude the path taken by tizen. > So we basically have an option of securing services via configuration > files and directly in the services. Neither of these approaches is > perfect, but I believe at this point patching dbus daemon and > maintaining security policy in individual configuration files is better > solution. Especially considering the fact that Cynara integration in > dbus daemon is done (but review is still needed). I agree with you and I'm hoping that the work you made with Patrick will be available very soon in tizen common. Best regards José Bollo _______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
