From 3ee7bdd638d4d695e5136ed82d34b85aa1e4076e Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Thu, 21 Jul 2011 16:43:51 +0100 Subject: [PATCH 3/5] Define eavesdropping, and document the eavesdrop match --- doc/dbus-specification.xml | 62 ++++++++++++++++++++++++++++++++++++++++++++ 1 files changed, 62 insertions(+), 0 deletions(-) diff --git a/doc/dbus-specification.xml b/doc/dbus-specification.xml index 2abe799..ef5fde5 100644 --- a/doc/dbus-specification.xml +++ b/doc/dbus-specification.xml @@ -3861,6 +3861,40 @@ FIXME + + + Eavesdropping + + Receiving a unicast message whose DESTINATION + indicates a different recipient is called + eavesdropping. On a message bus which acts as + a security boundary (like the standard system bus), the security + policy should usually prevent eavesdropping, since unicast messages + are normally kept private and may contain security-sensitive + information. + + + + Eavesdropping is mainly useful for debugging tools, such as + the dbus-monitor tool in the reference + implementation of D-Bus. Tools which eavesdrop on the message bus + should be careful to avoid sending a reply or error in response to + messages intended for a different client. + + + + Clients may attempt to eavesdrop by adding match rules + (see ) containing + the eavesdrop='true' match. If the message bus' + security policy does not allow eavesdropping, the match rule can + still be added, but will not have any practical effect. For + compatibility with older message bus implementations, if adding such + a match rule results in an error reply, the client may fall back to + adding the same rule with the eavesdrop match + omitted. + + + Match Rules @@ -3877,6 +3911,12 @@ client regardless. As a result, match rules are mainly used to receive a subset of broadcast signals. + + Match rules can also be used for eavesdropping + (see ), + if the security policy of the message bus allows it. + + Match rules are added using the AddMatch bus method @@ -4054,6 +4094,28 @@ + + eavesdrop + 'true', 'false' + Since D-Bus 1.5.UNRELEASED, match rules do not + match messages which have a DESTINATION + field unless the match rule specifically + requests this + (see ) + by specifying eavesdrop='true' + in the match rule. eavesdrop='false' + restores the default behaviour. Messages are + delivered to their DESTINATION + regardless of match rules, so this match does not + affect normal delivery of unicast messages. + If the message bus has a security policy which forbids + eavesdropping, this match may still be used without error, + but will not have any practical effect. + In older versions of D-Bus, this match was not allowed + in match rules, and all match rules behaved as if + eavesdrop='true' had been used. + + -- 1.7.5.4