spec, dbus-daemon(1): Recommend against remote TCP for debugging

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=106004
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
[smcv: Add a TODO comment as suggested]
Signed-off-by: Simon McVittie <smcv@collabora.com>

1 files changed, 10 insertions, 0 deletions

diff --git a/doc/dbus-specification.xml b/doc/dbus-specification.xml
index b60868f5..6ed317ff 100644
--- a/doc/dbus-specification.xml
+++ b/doc/dbus-specification.xml
@@ -3731,6 +3731,16 @@
         mechanism does not work for this transport.
       </para>
       <para>
+        Developers are sometimes tempted to use remote TCP as a debugging
+        tool. However, if this functionality is left enabled in finished
+        products, the result will be dangerously insecure. Instead of
+        using remote TCP, developers should <ulink
+          url="https://lists.freedesktop.org/archives/dbus/2018-April/017447.html"
+          >relay connections via Secure Shell or a similar protocol</ulink>.
+        <!-- TODO: Ideally someone would write a more formal guide to
+             remote D-Bus debugging, and we could link to that instead -->
+      </para>
+      <para>
         All <literal>tcp</literal> addresses are listenable.
         <literal>tcp</literal> addresses in which both
         <literal>host</literal> and <literal>port</literal> are