From: Marcel Holtmann <marcel@holtmann.org>
To: Jean-Jacques Brucker <jjbrucker@free.fr>
Cc: bluez-devel@lists.sourceforge.net
Subject: Re: [Bluez-devel] hcid pairing bug when security is auto
Date: Sat, 30 Sep 2006 10:01:16 +0200 [thread overview]
Message-ID: <1159603276.5407.7.camel@aeonflux.holtmann.net> (raw)
In-Reply-To: <200609300218.36747.jjbrucker@free.fr>
Hi Jean-Jacques,
> > This is for debugging purpose and really special use cases.
> Which ones (use cases) ?
I think the debugging purpose is clear, I needed it. The special use
cases are fixed pair of devices with a fixed PIN or a static random PIN
that people can remember. It is possible to implement all this using the
passkey agent, but for some embedded devices a static PIN is needed and
therefor it is there. However, this feature is undocumented for a
reason, but it is not for the ordinary desktop user. The desktop user
also has no write access to this directory.
> I've tried the bluez passkey-agent, and it is not very practical to have 3
> "deamons" (hcid, dbus-daemon and the passkey agent) just to pair new devices.
The hcid is running as root, the system D-Bus daemon as message bus user
and the passkey agent as normal unprivileged user. It is not black and
white and Linux (including Bluez) scales from very small system to big
ones.
> At least explain me why the auto mode make the difference between outgoing and
> incoming connections ?
> Or make the auto mode use the default passkey in both cases ! (or remove the
> auto mode to really force users to use dbus ...).
The auto mode is no longer default. That was a mistake in the default
config. What you really want is user, which is also more secure than a
default PIN for all incoming connection. The reason why it exists is
historical. We wrote it when the first chips supported authentication
and encryption. Sounded like a nice idea back then.
Regards
Marcel
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Bluez-devel mailing list
Bluez-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bluez-devel
prev parent reply other threads:[~2006-09-30 8:01 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-09-28 17:19 [Bluez-devel] possible regression under rf interference Marsette Vona
2006-09-29 11:50 ` Marcel Holtmann
2006-09-29 20:08 ` hcid pairing bug when security is auto Jean-Jacques Brucker
2006-09-29 23:09 ` [Bluez-devel] " Marcel Holtmann
2006-09-30 0:18 ` Jean-Jacques Brucker
2006-09-30 8:01 ` Marcel Holtmann [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1159603276.5407.7.camel@aeonflux.holtmann.net \
--to=marcel@holtmann.org \
--cc=bluez-devel@lists.sourceforge.net \
--cc=jjbrucker@free.fr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox