From: Greg KH <gregkh@linuxfoundation.org>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: David Herrmann <dh.herrmann@gmail.com>,
Daniel Mack <daniel@zonque.org>,
Djalal Harouni <tixxdz@opendz.org>,
lkml <linux-kernel@vger.kernel.org>,
LSM <linux-security-module@vger.kernel.org>,
Paul Osmialowski <p.osmialowsk@samsung.com>,
Casey Schaufler <casey@schaufler-ca.com>,
Paul Moore <paul@paul-moore.com>
Subject: Re: kdbus: credential faking
Date: Fri, 10 Jul 2015 15:04:47 -0700 [thread overview]
Message-ID: <20150710220447.GA28139@kroah.com> (raw)
In-Reply-To: <559FDB04.2010805@tycho.nsa.gov>
On Fri, Jul 10, 2015 at 10:47:32AM -0400, Stephen Smalley wrote:
> On 07/10/2015 09:43 AM, David Herrmann wrote:
> > Hi
> >
> > On Fri, Jul 10, 2015 at 3:25 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> >> On 07/09/2015 06:22 PM, David Herrmann wrote:
> >>> To be clear, faking metadata has one use-case, and one use-case only:
> >>> dbus1 compatibility
> >>>
> >>> In dbus1, clients connect to a unix-socket placed in the file-system
> >>> hierarchy. To avoid breaking ABI for old clients, we support a
> >>> unix-kdbus proxy. This proxy is called systemd-bus-proxyd. It is
> >>> spawned once for each bus we proxy and simply remarshals messages from
> >>> the client to kdbus and vice versa.
> >>
> >> Is this truly necessary? Can't the distributions just update the client
> >> side libraries to use kdbus if enabled and be done with it? Doesn't
> >> this proxy undo many of the benefits of using kdbus in the first place?
> >
> > We need binary compatibility to dbus1. There're millions of
> > applications and language bindings with dbus1 compiled in, which we
> > cannot suddenly break.
>
> So, are you saying that there are many applications that statically link
> the dbus1 library implementation (thus the distributions can't just push
> an updated shared library that switches from using the socket to using
> kdbus), and that many of these applications are third party applications
> not packaged by the distributions (thus the distributions cannot just do
> a mass rebuild to update these applications too)?
Yes.
There are also programs that use "native" dbus libraries written in
other languages than C that use the unix-socket to talk the dbus
protocol to the system. As a specific example, Go has one of these
libraries, and it's built statically into go binaries, so there is no
"system library" that could be updated for these binaries to avoid this
interface.
I'm sure over time that these libraries will move toward using kdbus
"directly" if it is present, but at the moment, we don't have that
luxury.
> Otherwise, I would think that the use of a socket would just be an
> implementation detail and you would be free to change it without
> affecting dbus1 library ABI compatibility.
I wish we could, but we can't break programs that are currently running
today, that would be pretty mean.
thanks,
greg k-h
next prev parent reply other threads:[~2015-07-10 23:17 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-09 18:26 kdbus: credential faking Stephen Smalley
2015-07-09 22:22 ` David Herrmann
2015-07-09 22:56 ` Casey Schaufler
2015-07-10 9:05 ` David Herrmann
2015-07-10 13:29 ` Stephen Smalley
2015-07-10 13:25 ` Stephen Smalley
2015-07-10 13:43 ` David Herrmann
2015-07-10 14:20 ` Martin Steigerwald
2015-07-10 14:25 ` Martin Steigerwald
2015-07-10 14:47 ` Stephen Smalley
2015-07-10 14:57 ` Alex Elsayed
2015-07-10 16:20 ` Casey Schaufler
2015-07-10 16:30 ` Alex Elsayed
2015-07-10 17:46 ` Casey Schaufler
2015-07-10 16:48 ` David Herrmann
2015-07-10 18:13 ` Stephen Smalley
2015-07-10 22:04 ` Greg KH [this message]
2015-07-10 15:59 ` Casey Schaufler
2015-07-10 16:26 ` David Herrmann
2015-07-10 17:16 ` Casey Schaufler
2015-07-10 18:02 ` Richard Weinberger
2015-07-10 18:36 ` Casey Schaufler
2015-07-10 18:39 ` Richard Weinberger
2015-07-11 11:30 ` Richard Weinberger
2015-07-11 11:02 ` Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150710220447.GA28139@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=casey@schaufler-ca.com \
--cc=daniel@zonque.org \
--cc=dh.herrmann@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=p.osmialowsk@samsung.com \
--cc=paul@paul-moore.com \
--cc=sds@tycho.nsa.gov \
--cc=tixxdz@opendz.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).