Lennart Poettering wrote: > The D-Bus system bus is one of the first procsses to be started and is > started as root. Hence the namespace issues don't really apply to it. > > The session bus would be vulnerable if they picked a well known name > as abstract socket. But they didn't. For me $DBUS_SESSION_BUS_ADDRESS > points to unix:abstract=/tmp/dbus-v1fkfN7LrT which is random. Can't you do the same but with a file containing the socket name rather than an env var? Rather than have a symlink in the private dir, just have a file that contains the abstract socket name (or even just the traditional socket path)? The client can read this file and then open the socket. It's an extra step I guess, but presumably not a huge one. I know this is evil, but what would happen if my home dir was on e.g. fat32 (yuk) which doesn't support symlinks? Pulse wouldn't run... (it may bail out earlier due to permission setting problems anyway). But with a file containing a reference to a socket it would work. I don't want to even begin to think about how any of the socket and symlink stuff maps to running PA on win32 :p Col -- Colin Guthrie gmane(at)colin.guthr.ie http://colin.guthr.ie/ Day Job: Tribalogic Limited [http://www.tribalogic.net/] Open Source: Mandriva Linux Contributor [http://www.mandriva.com/] PulseAudio Hacker [http://www.pulseaudio.org/] Trac Hacker [http://trac.edgewall.org/]
