Re: [Bluez-devel] Service level security for RFCOMM

[Marcel Holtmann <marcel@holtmann.org>]

Hi Fred,

> > > And btw, who is really interested in this feature or needs it?
> 
> Over here! I'm interested.

ok, so lets count. The KDE Bluetooth framework will be the first user :)

> I would like to integrate service level security into the meta server of 
> kdebluetooth. At the moment you can allow/disallow connections (or show a 
> confirmation popup) based on the service/rfcomm channel and on the peer 
> device address, but we can't ask for an authenticated link. Being able to use 
> service level security would allow us to force authenticated links when using 
> any service other than obex push, which should work without having to pair 
> devices first.
> IIRC I asked you to allow every user to send authentication requests a few 
> months ago, so that even programs running without root privileges can trigger 
> authentication. But then I didn't post it on the list as you told me, to let 
> other people comment on the security implications. The corresonding patch 
> changed only a single bit somewhere, but of course this solution is not very 
> conveniant. But if you want authentication to appear as a property of a 
> single rfcomm connection that's fine too, as long as a regular users are 
> allowed to use this feature. Would that be safe?

You should always remember that the authentication is per device and not
per service. You can trigger it on a per service basis, but it is still
common for the complete device.

Regards

Marcel




-------------------------------------------------------
This Newsletter Sponsored by: Macrovision 
For reliable Linux application installations, use the industry's leading
setup authoring tool, InstallShield X. Learn more and evaluate 
today. http://clk.atdmt.com/MSI/go/ins0030000001msi/direct/01/
_______________________________________________
Bluez-devel mailing list
Bluez-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bluez-devel