config: change default auth_timeout to 5 seconds

This partially addresses CVE-2014-3639. This will change the default on the system bus where the limit <limit name="auth_timeout">...</limit> is not specified. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80919 Reviewed-by: Thiago Macieira <thiago@kde.org> Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
author: Alban Crequy <alban.crequy@collabora.co.uk> 2014-07-08 12:00:58 +0100
committer: Simon McVittie <simon.mcvittie@collabora.co.uk> 2014-09-15 12:28:10 +0100
commit: 54d26df52b6a394bea175651d1d7ad2ab3f87dea (patch)
tree: f766caf4531887312bf50ad14450bbdc0d26e5eb
parent: 6465e37c8ff70a714e302d0c9e6534fa6181fce6 (diff)
download: dbus-54d26df52b6a394bea175651d1d7ad2ab3f87dea.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/bus/config-parser.c b/bus/config-parser.c
index 7217531c..814725a1 100644
--- a/bus/config-parser.c
+++ b/bus/config-parser.c
@@ -438,7 +438,7 @@ bus_config_parser_new (const DBusString      *basedir,
        * and legitimate auth will fail.  If interactive auth (ask user for
        * password) is allowed, then potentially it has to be quite long.
        */
-      parser->limits.auth_timeout = 30000; /* 30 seconds */
+      parser->limits.auth_timeout = 5000; /* 5 seconds */
       
       parser->limits.max_incomplete_connections = 64;
       parser->limits.max_connections_per_user = 256;
author	Alban Crequy <alban.crequy@collabora.co.uk>	2014-07-08 12:00:58 +0100
committer	Simon McVittie <simon.mcvittie@collabora.co.uk>	2014-09-15 12:28:10 +0100
commit	54d26df52b6a394bea175651d1d7ad2ab3f87dea (patch)
tree	f766caf4531887312bf50ad14450bbdc0d26e5eb
parent	6465e37c8ff70a714e302d0c9e6534fa6181fce6 (diff)
download	dbus-54d26df52b6a394bea175651d1d7ad2ab3f87dea.tar.gz