Re: Akonadi's unix sockets location

2010-03-22 Thread Lennart Poettering
On Sun, 21.03.10 14:44, Jonathan Underwood (jonathan.underw...@gmail.com) wrote: > > It's a shared namespace. As such it is a major source of > > vulnerabilities, especially if the developers didn't have this > > particular use in mind. > > To what extent would the security issues associated wi

Re: Akonadi's unix sockets location

2010-03-22 Thread Daniel J Walsh
On 03/21/2010 10:44 AM, Jonathan Underwood wrote: > On 19 March 2010 23:52, Lennart Poettering wrote: > >> That is a security hole. Since /tmp knows no further access control an >> evil user can just create dirs there for each and every single user on >> the system. Those directories will then

Re: Akonadi's unix sockets location

2010-03-21 Thread Jonathan Underwood
On 19 March 2010 23:52, Lennart Poettering wrote: > That is a security hole. Since /tmp knows no further access control an > evil user can just create dirs there for each and every single user on > the system. Those directories will then be owned by him, and all other > users will a) either comple

Re: Akonadi's unix sockets location

2010-03-20 Thread Lennart Poettering
On Sat, 20.03.10 10:37, Przemek Klosowski (przemek.klosow...@nist.gov) wrote: > > On 03/20/2010 07:48 AM, Lennart Poettering wrote: > > > Secondly, as mentioned a unix socket is useless in the fs after the > > program that listened on it exited, > > You mean in the context of a 'shared secret'-

Re: Akonadi's unix sockets location

2010-03-20 Thread Przemek Klosowski
On 03/20/2010 07:48 AM, Lennart Poettering wrote: > Secondly, as mentioned a unix socket is useless in the fs after the > program that listened on it exited, You mean in the context of a 'shared secret'-named sockets, right? In general, a socket /tmp/socket can just sit there and be reused by wha

Re: Akonadi's unix sockets location

2010-03-20 Thread Lennart Poettering
On Sat, 20.03.10 12:42, Till Maas (opensou...@till.name) wrote: > > Unix sockets should definitely be cleaned up on reboot. Hence they > > belong in /tmp better than in /var/tmp. > > Why do they need to be cleaned up on reboot? After the program that listened on them exited they are useless and

Re: Akonadi's unix sockets location

2010-03-20 Thread Till Maas
On Sat, Mar 20, 2010 at 11:34:58AM +0100, Lennart Poettering wrote: > On Sat, 20.03.10 10:34, Till Maas (opensou...@till.name) wrote: > > > On Tue, Mar 16, 2010 at 12:43:16PM -0400, Daniel J Walsh wrote: > > > > > Ok if they are from the same login session and same UID it is reasonable > > > to

Re: Akonadi's unix sockets location

2010-03-20 Thread Lennart Poettering
On Sat, 20.03.10 10:34, Till Maas (opensou...@till.name) wrote: > On Tue, Mar 16, 2010 at 12:43:16PM -0400, Daniel J Walsh wrote: > > > Ok if they are from the same login session and same UID it is reasonable > > to expect them to share /tmp. > > Iirc, it would be more FHS compliant to use /var

Re: Akonadi's unix sockets location

2010-03-20 Thread Till Maas
On Tue, Mar 16, 2010 at 12:43:16PM -0400, Daniel J Walsh wrote: > Ok if they are from the same login session and same UID it is reasonable > to expect them to share /tmp. Iirc, it would be more FHS compliant to use /var/tmp instead. Regards Till

Re: Akonadi's unix sockets location

2010-03-19 Thread Lennart Poettering
On Tue, 16.03.10 10:54, Matthias Clasen (mcla...@redhat.com) wrote: > > > Symlinks are duct-tape, why not just set it to /tmp with > > > global rc file? > > > > Sure, but still need to encode username into the filename (or > > randomize/uniq > > it) somehow. > > > > Any reason this cannot be

Re: Akonadi's unix sockets location

2010-03-19 Thread Lennart Poettering
On Tue, 16.03.10 08:38, Rex Dieter (rdie...@math.unl.edu) wrote: > > Juha Tuomala wrote: > > > https://bugs.kde.org/show_bug.cgi?id=179006#c5 > >> in the current version of Akonadi server you can specify a custom > >> socket path by entering > >> > >> [Connection] > >> SocketDirectory=/tmp/akon

Re: Akonadi's unix sockets location

2010-03-19 Thread Lennart Poettering
On Tue, 16.03.10 14:52, Juha Tuomala (juha.tuom...@iki.fi) wrote: > > > [Connection] > > SocketDirectory=/tmp/akonadi-myuser/ > > > > into $HOME/.config/akonadi/akonadiserverrc > > How about setting that as default, away from $HOME that can be a NFS > filesystem? I have had problems with it som

Re: Akonadi's unix sockets location

2010-03-16 Thread Daniel J Walsh
On 03/16/2010 12:29 PM, Colin Walters wrote: > On Tue, Mar 16, 2010 at 12:16 PM, Daniel J Walsh wrote: > >> PLEASE do not use /tmp for communications. Use /var/run if the service is >> running as root, or can create a socket in /var/run. >> > In this case I believe it's a per-user servi

Re: Akonadi's unix sockets location

2010-03-16 Thread Colin Walters
On Tue, Mar 16, 2010 at 12:16 PM, Daniel J Walsh wrote: > > PLEASE do not use /tmp for communications.  Use /var/run if the service is > running as root, or can create a socket in /var/run. In this case I believe it's a per-user service. In which case you don't have much of a choice, because you

Re: Akonadi's unix sockets location

2010-03-16 Thread Daniel J Walsh
On 03/16/2010 11:17 AM, Colin Walters wrote: > On Tue, Mar 16, 2010 at 10:54 AM, Matthias Clasen wrote: > >> Any reason this cannot be an abstract socket ? Of course, then you have >> to check peer creds and figure out a way to communicate the socket name, >> but at least you don't have to wor

Re: Akonadi's unix sockets location

2010-03-16 Thread Colin Walters
On Tue, Mar 16, 2010 at 10:54 AM, Matthias Clasen wrote: > > Any reason this cannot be an abstract socket ? Of course, then you have > to check peer creds and figure out a way to communicate the socket name, > but at least you don't have to worry about the usual races and > permission problem you

Re: Akonadi's unix sockets location

2010-03-16 Thread Matthias Clasen
On Tue, 2010-03-16 at 08:56 -0500, Rex Dieter wrote: > Juha Tuomala wrote: > > > On Tue, 16 Mar 2010, Rex Dieter wrote: > >>> How about setting that as default, away from $HOME that can be a NFS > >>> filesystem? > >> > >> Indeed, a solution similar to kde's > >> ~/.kde/socket- => /tmp/ksocket- >

Re: Akonadi's unix sockets location

2010-03-16 Thread Juha Tuomala
On Tue, 16 Mar 2010, Rex Dieter wrote: >> Symlinks are duct-tape, why not just set it to /tmp with >> global rc file? > > Sure, but still need to encode username into the filename (or randomize/uniq > it) somehow. Could that be it: http://techbase.kde.org/KDE_System_Administration/Configu

Re: Akonadi's unix sockets location

2010-03-16 Thread Rex Dieter
Juha Tuomala wrote: > > > > On Tue, 16 Mar 2010, Rex Dieter wrote: >>> How about setting that as default, away from $HOME that can be a NFS >>> filesystem? >> >> Indeed, a solution similar to kde's >> ~/.kde/socket- => /tmp/ksocket- >> symlink is likely needed here too. > > Symlinks are duct-t

Re: Akonadi's unix sockets location

2010-03-16 Thread Rex Dieter
Juha Tuomala wrote: > On Tue, 16 Mar 2010, Rex Dieter wrote: >>> How about setting that as default, away from $HOME that can be a NFS >>> filesystem? >> >> Indeed, a solution similar to kde's >> ~/.kde/socket- => /tmp/ksocket- >> symlink is likely needed here too. > > Symlinks are duct-tape, why

Re: Akonadi's unix sockets location

2010-03-16 Thread Juha Tuomala
On Tue, 16 Mar 2010, Rex Dieter wrote: >> How about setting that as default, away from $HOME that can be a NFS >> filesystem? > > Indeed, a solution similar to kde's > ~/.kde/socket- => /tmp/ksocket- > symlink is likely needed here too. Symlinks are duct-tape, why not just set it to /tmp with g

Re: Akonadi's unix sockets location

2010-03-16 Thread Rex Dieter
Juha Tuomala wrote: > https://bugs.kde.org/show_bug.cgi?id=179006#c5 >> in the current version of Akonadi server you can specify a custom >> socket path by entering >> >> [Connection] >> SocketDirectory=/tmp/akonadi-myuser/ >> >> into $HOME/.config/akonadi/akonadiserverrc > > How about setting t

Akonadi's unix sockets location

2010-03-16 Thread Juha Tuomala
https://bugs.kde.org/show_bug.cgi?id=179006#c5 > in the current version of Akonadi server you can specify a custom > socket path by entering > > [Connection] > SocketDirectory=/tmp/akonadi-myuser/ > > into $HOME/.config/akonadi/akonadiserverrc How about setting that as default, away from $HOM