Re: Bad file access on the rise

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 07.06.13 22:33, Richard W.M. Jones (rjones@xxxxxxxxxx) wrote:

> On Fri, Jun 07, 2013 at 06:55:46PM +0200, Lennart Poettering wrote:
> > User "simo" creates /dev/shm/1000/ even though 1000 is the UID of user
> > "lennart". Lennart can never start PA again, ever. And can't do anything
> > about it, because "simo" is in control, and /dev/shm is sticky.
> 
> For /run we create /run/user/<uid> in pam_systemd (I think?).
> Can we do the same for /dev/shm/<uid>?

There's no benefit in doing that.

/run/user is not world-writable. Hence creating this dir at login time
is totally safe, since only trusted code can create dirs in there. This
is different for /dev/shm which is world-writable, and where creating
dirs at login doesn't solve anything, because any unprivileged user
could easily create dirs for all users and then make it impossible to
log in for them.

Lennart

-- 
Lennart Poettering - Red Hat, Inc.
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux