On 03/16/2010 11:17 AM, Colin Walters wrote:
> On Tue, Mar 16, 2010 at 10:54 AM, Matthias Clasen<mclasen@xxxxxxxxxx> wrote:
>
>> Any reason this cannot be an abstract socket ? Of course, then you have
>> to check peer creds and figure out a way to communicate the socket name,
>> but at least you don't have to worry about the usual races and
>> permission problem you have with unix sockets.
>>
> People - reliably finding other programs and initiating communication
> with them is 99% of the reason that DBus was created and exists in the
> OS.
>
> In this case, the right thing is to claim a bus name (org.blah.MyApp),
> export a method on it "org.blah.MyApp.GetSocket", which returns the
> randomly-named path to your socket in /tmp.
>
> Using abstract sockets does NOT mean you don't have to worry about
> permissions. Any other uid can still connect to the socket, so you
> either need to do some sort of peer credentials if you want to
> restrict it to the same uid.
>

PLEASE do not use /tmp for communications. Use /var/run if the service is running as root, or can create a socket in /var/run.

Processes running with different UID communicating over /tmp will break in a namespace environment.

Evil users have successfully in the past caused privileged apps to do evil things when the priv apps do stuff in /tmp. I believe it is a good idea to avoid priv apps using any directory where random users can write.