this post was submitted on 15 Dec 2025
31 points (86.0% liked)

Linux

10605 readers
378 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 2 years ago
MODERATORS
Ategon@programming.dev
anzo@programming.dev
dwraf_of_ignorance@programming.dev
31
D-Bus is a disgrace to the Linux desktop (blog.vaxry.net)
submitted 22 hours ago by King@sh.itjust.works to c/linux@programming.dev
15 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] jrgd@lemmy.zip 8 points 15 hours ago* (last edited 15 hours ago) (2 children)

To be fair, D-Bus is a protocol. Proper documentation and standards is half of implementation. Without any well-defined standards, a protocol is essentially useless and/or lawless. While not every case of non-compliance is the fault of D-Bus, the general lax nature of how endpoints are intended to be defined as well as the incompleteness for the actual standards applications should adhere to is a significant factor for why many applications are the way they are. In addition to the severe security flaws in D-Bus, this could be written with extensions to the protocol, becoming a new standard. Though if the problems are as deeply rooted as they are, it's not entirely out of the question to create another standard that isn't D-Bus.

[–] realitaetsverlust@piefed.zip 3 points 11 hours ago* (last edited 11 hours ago)

So, first of all, I barely ever had to work with d-bus directly - I used it a few times and it was fine to use.

Without any well-defined standards, a protocol is essentially useless and/or lawless

When I look for "D-Bus Specification", I get this: https://dbus.freedesktop.org/doc/dbus-specification.html. This LOOKS like a proper documentation of the standard to me.

the general lax nature of how endpoints are intended to be defined ... is a significant factor for why many applications are the way they are

I feel like this is the same complaint people have about other things, like PHP for example. They see shitty PHP code (like wordpress) and are like: "Oh my god PHP is such a shitty language because this application is written like shit". But I don't blame a language, a framework or a protocol for the failures of the users. I don't feel like an application that close to the system core has to be absolutely "dummy proof". At some point, we should just expect that people know what they're doing, and if they don't, we should blame them, not the underlying technology.

[–] ulterno@programming.dev 0 points 7 hours ago

severe security flaws in D-Bus

I searched for this and all I got was CVEs in the implementations.
What are the flaws in the protocol that I don't know of? If you can link it, I would love to read.

I recently started interacting with code that had something to do with D-Bus and from what I saw, there were policy files, which are required to do anything with D-Bus endpoints provided by software. That's essentially where I stopped, considering that to be the end-all for D-Bus security.

What am I missing?