Re: Security issues with abstract namespace sockets

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/05/2011 04:33 PM, Matt McCutchen wrote:
> On Wed, 2011-01-05 at 15:25 -0500, Adam Jackson wrote:
>> On Wed, 2011-01-05 at 13:38 -0500, Matt McCutchen wrote:
>>> The
>>> more significant DoS condition is another user taking the name you want,
>>> which can happen in the abstract namespace but not in a directory only
>>> you can write.
>>
>> I don't have any of those.  If the X server is running as root (like in
>> the gdm case) then I can put the socket wherever I want.  If it's Xvfb,
>> then where do I put this directory?  $HOME ?  Nope, might not be
>> there.  /tmp/$USER ?  Won't work if someone else mkdir'd /tmp/ajax
>> before I did.
> 
> What about the XDG_RUNTIME_DIR (/var/run/user/$USER) from systemd?
> 
This does not exist until after the User has logged in.  X starts before
the user logs in.  Also multiple users need to be able to talk to same
xserver.  Not sure about switchuser.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk0k5IEACgkQrlYvE4MpobPAYwCcD1bnU+qES3uv/tc/7Jw3jlwD
SQMAoJf+5uXZ2FkN2vLOOuiWLWojKSkB
=OpVt
-----END PGP SIGNATURE-----
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux