Re: Security issues with abstract namespace sockets

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 05.01.11 16:47, Adam Jackson (ajax@xxxxxxxxxx) wrote:

> On Wed, 2011-01-05 at 16:33 -0500, Matt McCutchen wrote:
> > On Wed, 2011-01-05 at 15:25 -0500, Adam Jackson wrote:
> > > I don't have any of those.  If the X server is running as root (like in
> > > the gdm case) then I can put the socket wherever I want.  If it's Xvfb,
> > > then where do I put this directory?  $HOME ?  Nope, might not be
> > > there.  /tmp/$USER ?  Won't work if someone else mkdir'd /tmp/ajax
> > > before I did.
> > 
> > What about the XDG_RUNTIME_DIR (/var/run/user/$USER) from systemd?
> 
> atropine:~% ssh 10.16.61.101
> test@xxxxxxxxxxxx's password: 
> Last login: Wed Jan  5 16:42:43 2011
> [test@dhcp-10-16-61-101 ~]$ set | grep XDG
> [test@dhcp-10-16-61-101 ~]$ rpm -q systemd fedora-release
> systemd-15-1.fc15.x86_64
> fedora-release-15-0.3.noarch
> 
> Console login at least gives me an XDG_SESSION_COOKIE.

That should work. Probably during upgrade the PAM files weren't
corrected. Try invoking "authconfig".

XDG_SESSION_COOKIE is supposed to be secret and is probably going to go
away soonishly, as it is obsolete now that we have /proc/self/loginuid.

Lennart

-- 
Lennart Poettering - Red Hat, Inc.
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux