Commit 54d26df5 authored by Alban Crequy's avatar Alban Crequy Committed by Simon McVittie

config: change default auth_timeout to 5 seconds

This partially addresses CVE-2014-3639.

This will change the default on the system bus where the limit
  <limit name="auth_timeout">...</limit>
is not specified.

Bug: 's avatarThiago Macieira <>
Reviewed-by: 's avatarSimon McVittie <>
parent 6465e37c
......@@ -438,7 +438,7 @@ bus_config_parser_new (const DBusString *basedir,
* and legitimate auth will fail. If interactive auth (ask user for
* password) is allowed, then potentially it has to be quite long.
parser->limits.auth_timeout = 30000; /* 30 seconds */
parser->limits.auth_timeout = 5000; /* 5 seconds */
parser->limits.max_incomplete_connections = 64;
parser->limits.max_connections_per_user = 256;
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment