https://bugzilla.novell.com/show_bug.cgi?id=428963
User mmeeks@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=428963#c58
--- Comment #58 from Michael Meeks
Therefore any user can gain access to the session bus.
That sounds non-obvious to me. AFAICS the session bus is configured to only allow the owner of the session bus daemon to connect to it. We make a special exception for root (only). So - how is this dangerous ? Of course - one can imagine that user doing bad things to the app over the session bus (potentially), but similarly one can imagine sending it unexpected X messages too, or doing odd things to it's root window, or simulating key-presses or ... Why is this any more dangerous than sharing the X connection ? connection auth is done by more than the shared cookie (surely) otherwise there would be no problem in the 1st instance :-) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.