tbr | today's fun topic: think up how to proxy things between dbus and the push service | 08:52 |
---|---|---|
tbr | I guess it would make sense to put some sort of restrictions on this, so that it's not possible to wreak uncontrolled havoc on remote devices | 09:48 |
kimmoli | what restrictions? pin? count per time limitation? | 09:52 |
tbr | more as in to what you can send messages | 09:53 |
kimmoli | ? | 09:54 |
kimmoli | mean different datatypes | 09:54 |
kimmoli | ? | 09:54 |
tbr | If I allow arbitrary DBus messages then you can mess with contacts, put the device online, offline, switch on ap mode, etc | 09:55 |
tbr | everything that you can do on the dbus user session, suddenly you can do remotely | 09:56 |
kimmoli | thats not good idea.. | 10:00 |
kimmoli | did you intend to frame dbus messages overmqtt ? | 10:00 |
tbr | I'm currently exploring all directions and at the same time thinking how I would exploit them | 10:08 |
tbr | for comparison I'm going to read http://bazaar.launchpad.net/~ubuntu-push-hackers/ubuntu-push/trunk/view/head:/docs/lowlevel.txt | 10:08 |
tbr | no need to reinvent the wheel | 10:09 |
tbr | their token approach makes sense | 10:31 |
tbr | not sure how aplicable the rest is, as they use specific app IDs etc | 10:37 |
Generated by irclog2html.py 2.17.1 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!