dbus-daemon(1): Put some scary warnings on <allow_anonymous/>

I'm far from convinced that this option should even *exist*, but it
should definitely be documented as a very bad thing.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=106004
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
(cherry picked from commit 5d3680486712891c13b85c07fab629bb70f623cc)

diff --git a/doc/dbus-daemon.1.xml.in b/doc/dbus-daemon.1.xml.in
index 094389d..899cec2 100644 (file)
--- a/doc/dbus-daemon.1.xml.in
+++ b/doc/dbus-daemon.1.xml.in
@@ -386,6 +386,13 @@ mechanism will be authorized to connect. This option has no practical
 effect unless the ANONYMOUS mechanism has also been enabled using the
 <emphasis remap='I'>&lt;auth&gt;</emphasis> element, described below.</para>
 
+<para>Using this directive in the configuration of the well-known
+  system bus or the well-known session bus will make that bus insecure
+  and should never be done. Similarly, on custom bus types, using this
+  directive will usually make the custom bus insecure, unless its
+  configuration has been specifically designed to prevent anonymous
+  users from causing damage or escalating privileges.</para>
+
 <itemizedlist remap='TP'>
 
   <listitem><para><emphasis remap='I'>&lt;listen&gt;</emphasis></para></listitem>