Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The problem with dbus is also that all these nice browser extensions that integrate websites with gnome/kde talk over dbus. These dbus APIs had several DOS vulnerabilities, some of which could be triggered by visiting any website. It is unacceptable that my desktop environment crashes just because something floods the dbus API, even moreso if it can be triggered by visiting a website.

So if you are a security researcher, dbus is a very worthwhile entry point if you want to improve some open source software :-)



What browser extensions? Why would I want websites to integrate with gnome or kde? What does that even mean?


Isn’t this bad boy installed by default in most Gnome distros? https://chromewebstore.google.com/detail/gnome-shell-integra...


I'm guessing the poster meant the USB and Bluetooth browser protocols (which I still find insane how anyone thought those were a good idea, but it's literally the only way to configure some keyboards today).


Those are not extensions. Not can you use them to talk to dbus.


Not an issue with a standalone VM :D


Now you have two problems.


s,VM,WM, sorry. No, not two problems; I can always spawn whatever tool requiring dbus with dbus-launch while keeping my window manager aside.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: