On Sun Jan 04 13:40, Thijs Kinkhorst wrote: > Hi, Matthew, > > > Tags: security > > > > libosso1 ships /etc/dbus-1/system.d/libosso.conf which turns off all the > > security checks on the system bus by allowing all messages from everyone > > to everyone else. This is bad mkay? > > As I understand it, "Maemo" is a kind of handheld device platform. I do not > understand yet how this would be a security issue on such a device, can you > clarify? > Well, it's in Debian main, so anyone can install it and if they do so all security is instantly disabled on the system bus. It's not something which should be encouraged, even on a handheld device. Anyway, there's no reason to do that since people should just write the correct rules anyway. I'm told that Maemo has two users anyway, root and user. This will break any separation between them on the system bus.
Matt -- Matthew Johnson
signature.asc
Description: Digital signature
