I'm far from convinced that this option should even *exist*, but it
should definitely be documented as a very bad thing.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=106004
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
(cherry picked from commit
5d3680486712891c13b85c07fab629bb70f623cc)
effect unless the ANONYMOUS mechanism has also been enabled using the
<emphasis remap='I'><auth></emphasis> element, described below.</para>
effect unless the ANONYMOUS mechanism has also been enabled using the
<emphasis remap='I'><auth></emphasis> element, described below.</para>
+<para>Using this directive in the configuration of the well-known
+ system bus or the well-known session bus will make that bus insecure
+ and should never be done. Similarly, on custom bus types, using this
+ directive will usually make the custom bus insecure, unless its
+ configuration has been specifically designed to prevent anonymous
+ users from causing damage or escalating privileges.</para>
+
<itemizedlist remap='TP'>
<listitem><para><emphasis remap='I'><listen></emphasis></para></listitem>
<itemizedlist remap='TP'>
<listitem><para><emphasis remap='I'><listen></emphasis></para></listitem>