Return-Path: Subject: Re: [Bluez-devel] Service level security for RFCOMM From: Marcel Holtmann To: Fred Schaettgen Cc: BlueZ Mailing List In-Reply-To: <200410291234.49907.bluez-devel@schaettgen.de> References: <1099024935.10164.11.camel@pegasus> <1099042277.31284.438.camel@baroque.rococosoft.com> <200410291234.49907.bluez-devel@schaettgen.de> Content-Type: text/plain Message-Id: <1099051827.10164.28.camel@pegasus> Mime-Version: 1.0 Sender: bluez-devel-admin@lists.sourceforge.net Errors-To: bluez-devel-admin@lists.sourceforge.net List-Unsubscribe: , List-Id: List-Post: List-Help: List-Subscribe: , List-Archive: Date: Fri, 29 Oct 2004 14:10:27 +0200 Hi Fred, > > > And btw, who is really interested in this feature or needs it? > > Over here! I'm interested. ok, so lets count. The KDE Bluetooth framework will be the first user :) > I would like to integrate service level security into the meta server of > kdebluetooth. At the moment you can allow/disallow connections (or show a > confirmation popup) based on the service/rfcomm channel and on the peer > device address, but we can't ask for an authenticated link. Being able to use > service level security would allow us to force authenticated links when using > any service other than obex push, which should work without having to pair > devices first. > IIRC I asked you to allow every user to send authentication requests a few > months ago, so that even programs running without root privileges can trigger > authentication. But then I didn't post it on the list as you told me, to let > other people comment on the security implications. The corresonding patch > changed only a single bit somewhere, but of course this solution is not very > conveniant. But if you want authentication to appear as a property of a > single rfcomm connection that's fine too, as long as a regular users are > allowed to use this feature. Would that be safe? You should always remember that the authentication is per device and not per service. You can trigger it on a per service basis, but it is still common for the complete device. Regards Marcel ------------------------------------------------------- This Newsletter Sponsored by: Macrovision For reliable Linux application installations, use the industry's leading setup authoring tool, InstallShield X. Learn more and evaluate today. http://clk.atdmt.com/MSI/go/ins0030000001msi/direct/01/ _______________________________________________ Bluez-devel mailing list Bluez-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bluez-devel