On Tue, 23.09.08 15:20, Colin Guthrie (gmane at colin.guthr.ie) wrote: > > Lennart Poettering wrote: > > The D-Bus system bus is one of the first procsses to be started and is > > started as root. Hence the namespace issues don't really apply to it. > > > > The session bus would be vulnerable if they picked a well known name > > as abstract socket. But they didn't. For me $DBUS_SESSION_BUS_ADDRESS > > points to unix:abstract=/tmp/dbus-v1fkfN7LrT which is random. > > Can't you do the same but with a file containing the socket name rather > than an env var? > > Rather than have a symlink in the private dir, just have a file that > contains the abstract socket name (or even just the traditional socket > path)? The client can read this file and then open the socket. It's an > extra step I guess, but presumably not a huge one. A symlink is nothing more than a short file that is a bit nicer to use for our purpose here and can be changed atomically. With a bit extra work ou can replace symlinks with files everywhere. Howver, I don't see the need for this. I think it is relatively safe to assume that $HOME can do symlinks. It is however not safe to assume it can do UNIX sockets properly or any kind of locking. If we need that we need to move our stuff to /tmp. > I know this is evil, but what would happen if my home dir was on e.g. > fat32 (yuk) which doesn't support symlinks? Pulse wouldn't run... (it > may bail out earlier due to permission setting problems anyway). But > with a file containing a reference to a socket it would work. I am pretty sure that PA wouldn't be the first thing to fail on FAT32... I'll wait for the bug reports before I even think of making PA FAT32-safe. > I don't want to even begin to think about how any of the socket and > symlink stuff maps to running PA on win32 :p The Win32 port only uses TCP sockets. Lennart -- Lennart Poettering Red Hat, Inc. lennart [at] poettering [dot] net ICQ# 11060553 http://0pointer.net/lennart/ GnuPG 0x1A015CC4