Fwd: Geoclue & permissions

Zeeshan Ali Khattak zeeshanak
Mon Apr 21 16:48:42 PDT 2014


On Mon, Apr 21, 2014 at 9:50 PM, Dan Williams <dcbw at redhat.com> wrote:
> On Thu, 2014-04-17 at 17:36 +0100, Zeeshan Ali (Khattak) wrote:
>> Hi everyone,
>>
>> I'm forwarding my short discussion with Jouni about permissions on
>> D-Bus interface, as per his suggestion to bring the discussion to this
>> list.

Hi Dan,

> I'm probably the one that initially did the restrictions, just because
> nobody really needed to use the supplicant as a normal user long ago
> when the D-Bus stuff was added.
>
> So D-Bus methods that are read-only and cannot affect the operation of
> the interface could certainly be made available to normal users.  That
> would include stuff like the properties of the current connection, the
> list of scanned access points, etc.
>
> Anything functional should still be restricted to root.  Note that the
> supplicant does not do any interesting authentication internally, it
> relies on D-Bus permissions checking.  So if there are some read/write
> properties that you'd like to allow *reading* by a user, but not
> writing, then we'd need to add code to do some internal verification
> since the D-Bus permissions are not fine-grained enough for that.
>
> This means I suggest option #3 below.  I cannot think of a great reason
> to restrict read-only properties and methods from all users as long as
> those methods/properties do not expose private information.

Thanks, I'll submit a patch soon for this then.

-- 
Regards,

Zeeshan Ali (Khattak)
________________________________________
Befriend GNOME: http://www.gnome.org/friends/



More information about the Hostap mailing list