On Mon, 2015-09-28 at 17:21 +0200, Tomasz Swierczek wrote: > But they are allowed to connect to the dbus-daemon and thus system and > session bus, right? At least in IVI, that is important because many > system services are based on D-Bus. > > So once an app is allowed to connect (= has rw access to the D-Bus Unix > domain socket), it can send messages to anyone on that bus, including > other apps, unless the dbus-daemon as the intermediary does message > filtering. > > [Tomasz] we're currently in the process of releasing this patch: > https://review.tizen.org/gerrit/#/c/31310/ As we speak its not > available in the daily images due to some issues with signals in some > modules (we've rolled back the dbus package release last week), but > this is our goal. So no, an app should not own an interface on bus and > therefore could not register itself as DBus service => should not > receive messages from other apps.
That's the "can apps impersonate a service" aspect of it. I was thinking more of one app sending unsolicited messages to another app. That works without owning a well-known name and could be used by a malicious app to confuse another app (for example, when that other app waits for signals but then does not check the actual sender of the signal). That is also prevented by the default policy. -- Best Regards, Patrick Ohly The content of this message is my personal opinion only and although I am an employee of Intel, the statements I make here in no way represent Intel's position on the issue, nor am I authorized to speak on behalf of Intel on this matter. _______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
