Fwd: Geoclue & permissions
Zeeshan Ali Khattak
Mon Apr 21 16:48:42 PDT 2014
On Mon, Apr 21, 2014 at 9:50 PM, Dan Williams <dcbw at redhat.com> wrote:
> On Thu, 2014-04-17 at 17:36 +0100, Zeeshan Ali (Khattak) wrote:
>> Hi everyone,
>> I'm forwarding my short discussion with Jouni about permissions on
>> D-Bus interface, as per his suggestion to bring the discussion to this
> I'm probably the one that initially did the restrictions, just because
> nobody really needed to use the supplicant as a normal user long ago
> when the D-Bus stuff was added.
> So D-Bus methods that are read-only and cannot affect the operation of
> the interface could certainly be made available to normal users. That
> would include stuff like the properties of the current connection, the
> list of scanned access points, etc.
> Anything functional should still be restricted to root. Note that the
> supplicant does not do any interesting authentication internally, it
> relies on D-Bus permissions checking. So if there are some read/write
> properties that you'd like to allow *reading* by a user, but not
> writing, then we'd need to add code to do some internal verification
> since the D-Bus permissions are not fine-grained enough for that.
> This means I suggest option #3 below. I cannot think of a great reason
> to restrict read-only properties and methods from all users as long as
> those methods/properties do not expose private information.
Thanks, I'll submit a patch soon for this then.
Zeeshan Ali (Khattak)
Befriend GNOME: http://www.gnome.org/friends/
More information about the Hostap