The current system.conf default policy is too confusing and ill-specified.
Here's a pass at a rewrite which attempts to spell out exactly what we want in more explicit terms. Please review carefully line by line.
  <policy context="default">
    <!-- All users can connect to system bus -->
    <allow user="*"/>

    <!-- Holes must be punched in service configuration files for
         name ownership and sending method calls -->
    <deny own="*"/>
    <deny send_type="method_call"/>

    <!-- Signals and reply messages (method returns, errors) are allowed
         by default -->
    <allow send_type="signal"/>
    <allow send_requested_reply="true" send_type="method_return"/>
    <allow send_requested_reply="true" send_type="error"/>

    <!-- All messages may be received by default -->
    <allow receive_type="method_call"/>
    <allow receive_type="method_return"/>
    <allow receive_type="error"/>
    <allow receive_type="signal"/>

    <!-- Allow anyone to talk to the message bus -->
    <allow send_destination="org.freedesktop.DBus"/>
    <!-- But disallow some specific bus services -->
    <deny send_destination="org.freedesktop.DBus"
          send_interface="org.freedesktop.DBus"
          send_member="UpdateActivationEnvironment"/>
  </policy>
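To make the proposed default policy concrete, here is an added example (written for this review, not dbus-daemon's own code) that models how the system bus evaluates a policy: rules are read in order, a send starts out denied, and every matching rule overrides the verdict, so the last matching rule wins. It embeds a constructed copy of the default policy above plus a hypothetical service fragment for a made-up name `com.example.Daemon`, showing how a service's own configuration file "punches a hole" in the method-call deny while the `UpdateActivationEnvironment` deny on the bus itself still holds. The matching is deliberately simplified: only `send_type`, `send_destination`, `send_interface`, `send_member` and `send_requested_reply` are modelled, and `own`, `user` and `receive_*` rules are skipped.

```python
"""Simplified model of D-Bus send-policy evaluation (not dbus-daemon's code)."""
from dataclasses import dataclass
import xml.etree.ElementTree as ET

# Constructed copy of the proposed <policy context="default"> block, embedded
# so the example runs offline.
DEFAULT_POLICY_XML = """
<busconfig>
  <policy context="default">
    <allow user="*"/>
    <deny own="*"/>
    <deny send_type="method_call"/>
    <allow send_type="signal"/>
    <allow send_requested_reply="true" send_type="method_return"/>
    <allow send_requested_reply="true" send_type="error"/>
    <allow receive_type="method_call"/>
    <allow receive_type="method_return"/>
    <allow receive_type="error"/>
    <allow receive_type="signal"/>
    <allow send_destination="org.freedesktop.DBus"/>
    <deny send_destination="org.freedesktop.DBus"
          send_interface="org.freedesktop.DBus"
          send_member="UpdateActivationEnvironment"/>
  </policy>
</busconfig>
"""

# Hypothetical service fragment (the kind of file a service drops into its
# system.d directory) that punches a hole for calls to com.example.Daemon.
SERVICE_HOLE_XML = """
<busconfig>
  <policy context="default">
    <allow send_destination="com.example.Daemon"/>
  </policy>
</busconfig>
"""


@dataclass
class Message:
    type: str                      # method_call, method_return, error, signal
    destination: str = ""
    interface: str = ""
    member: str = ""
    requested_reply: bool = False  # True for a reply to a call the peer actually made


# Rule attribute -> message field it is compared against.
SEND_ATTRS = {
    "send_type": "type",
    "send_destination": "destination",
    "send_interface": "interface",
    "send_member": "member",
}


def load_send_rules(xml_text):
    """Return [(allow, attrs)] for the send-constraining rules in every
    <policy context="default">; own/user/receive_* rules are not modelled."""
    rules = []
    root = ET.fromstring(xml_text.strip())
    for policy in root.iter("policy"):
        if policy.get("context") != "default":
            continue
        for rule in policy:
            if rule.tag not in ("allow", "deny"):
                continue
            if not any(k.startswith("send_") for k in rule.attrib):
                continue
            rules.append((rule.tag == "allow", dict(rule.attrib)))
    return rules


def rule_matches(attrs, msg):
    """A rule matches only if every attribute it names agrees with the message."""
    for attr, value in attrs.items():
        if attr == "send_requested_reply":
            if (value == "true") != msg.requested_reply:
                return False
        elif attr in SEND_ATTRS:
            if getattr(msg, SEND_ATTRS[attr]) != value:
                return False
        else:
            raise ValueError("attribute not modelled in this example: " + attr)
    return True


def can_send(rules, msg):
    """Start denied; each matching rule overrides, so the last match wins."""
    allowed = False
    for allow, attrs in rules:
        if rule_matches(attrs, msg):
            allowed = allow
    return allowed


def demo():
    base = load_send_rules(DEFAULT_POLICY_XML)
    with_hole = base + load_send_rules(SERVICE_HOLE_XML)
    bus = "org.freedesktop.DBus"
    call = Message("method_call", "com.example.Daemon", "com.example.Daemon", "DoThing")
    return {
        "call_without_hole": can_send(base, call),
        "call_with_hole": can_send(with_hole, call),
        "hello_to_bus": can_send(base, Message("method_call", bus, bus, "Hello")),
        "update_env": can_send(base, Message("method_call", bus, bus, "UpdateActivationEnvironment")),
        "signal": can_send(base, Message("signal", interface="com.example.Daemon", member="Changed")),
        "requested_reply": can_send(base, Message("method_return", ":1.42", requested_reply=True)),
        "unsolicited_reply": can_send(base, Message("method_return", ":1.42")),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(case, "allowed" if verdict else "denied")
```

The ordering matters: because service fragments are appended after the default policy, their `<allow send_destination=...>` rule comes last and overrides the earlier blanket `<deny send_type="method_call"/>` for that destination only, which is exactly the "holes must be punched" behaviour the comments describe.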
I think doing it this way makes a lot of sense. It's very clear what's going on this way.
My only concern would be if new message types got added that this would need to be updated. But that's not really an issue because it's unlikely that would happen since we're post-1.0 (and if it did, the patch would just need to remember to update the configuration).
Seems reasonable to me.
Pushed to 1.3 and 1.2:
Author: Colin Walters <email@example.com>
Date: Fri Dec 12 14:50:21 2008 -0500
Clean up and clarify default system policy
The former was too reliant on old bugs and was generally unclear.
This one makes explicit exactly what is allowed and not.