
Re: RFS: task-spooler



On Tuesday 04 August 2009, you wrote:
>On Tue, Aug 04, 2009 at 09:52:23AM -0500, Boyd Stephen Smith Jr. wrote:
>> In <20090804100620.GA8545@shurick.s2s.msu.ru>, Alexander Inyukhin wrote:
>> >Socket permissions are controlled by umask, but if security
>> >matters, a more sophisticated way of managing sockets should be used.
>> >Since task-spooler is intended for use in single user environment,
>> >I do not think this is a serious issue.
>>
>> Unfortunately, Debian is not limited to use as a single-user environment
>> so you may need to revisit the security implications.  At the very
>> least, you may want to warn the administrator that it is not suitable
>> for multi-user environments.
>>
>> Any reason task-spooler can't secure its sockets the same way ssh-agent
>> and/or gpg-agent secure theirs?
>
>Actually, it can. It is just not the default behavior.
>User may override socket location via environment variables TMPDIR or
> TS_SOCKET. As with gpg-agent, this requires additional setup.

Hrm, I'm not using any special GPG settings and my socket resides in 
/tmp/gpg-6qK7UK/S.gpg-agent; my ssh-agent is in a similar location.

>Creating socket with predefined name in user's home directory seems to be
>a better choice. Are there any policy rules about socket naming?

I think secure-by-default would be the better choice.  I don't know what 
kind of information is passed over the socket, but if it is in a 
(group/world) writable directory[1] or (group/world) readable/writable 
itself it is possible a local attacker could hijack the connection.

As far as I know there is no policy.  I'm not a DD and speak only for 
myself.  I don't mean to hold up the sponsoring of the package if my issues 
don't bother the sponsors.

Creating the socket as mode 600 in the user's home directory seems 
relatively safe, but isolating it in a mode 700 directory doesn't seem like 
a bad idea.
-- 
Boyd Stephen Smith Jr.           	 ,= ,-_-. =.
bss@iguanasuicide.net            	((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy 	 `-'(. .)`-'
http://iguanasuicide.net/        	     \_/

[1] I suppose a user's home directory might be group writable, but that 
seems unusual.
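For readers following the thread: the sketch below is an added illustration (not task-spooler's code, nor anything from the posters) of the ssh-agent/gpg-agent style layout argued for above: a fresh mode 0700 directory under $TMPDIR, a socket created as 0600 regardless of the user's umask, and a check that refuses a directory another local user could write to (which is exactly why /tmp itself is unsuitable but a private subdirectory of it is fine). The "ts-" prefix and function names are my own choices.

```python
import os
import socket
import stat
import tempfile
from typing import Optional, Tuple

def dir_is_private(path: str) -> bool:
    """True only for a directory we own that no other user can write to.
    A group- or world-writable parent (such as /tmp itself) lets another local
    user remove or replace the socket name, which is the hijack risk discussed above."""
    st = os.lstat(path)
    if not stat.S_ISDIR(st.st_mode) or st.st_uid != os.getuid():
        return False
    return not (st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))

def create_private_socket(name: str = "socket", base: Optional[str] = None) -> Tuple[socket.socket, str]:
    """Bind a listening Unix socket only the owner can reach, inside a fresh
    mode 0700 directory under base (default: $TMPDIR or /tmp, like /tmp/gpg-XXXXXX)."""
    d = tempfile.mkdtemp(prefix="ts-", dir=base)   # mkdtemp creates the directory 0700
    if not dir_is_private(d):
        os.rmdir(d)
        raise PermissionError(f"{d} is not private")
    path = os.path.join(d, name)
    # bind() creates the socket inode as 0777 & ~umask; a temporary umask of 0177
    # yields mode 0600 no matter what umask the user's shell happens to use.
    old = os.umask(0o177)
    try:
        s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        s.bind(path)
        s.listen(1)
    finally:
        os.umask(old)
    return s, path

def socket_mode(path: str) -> int:
    """Permission bits of the socket inode (0o600 for a socket from create_private_socket)."""
    st = os.lstat(path)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{path} is not a socket")
    return stat.S_IMODE(st.st_mode)

def remove_private_socket(s: socket.socket, path: str) -> None:
    """Close the listener and remove both the socket and its private directory."""
    s.close()
    os.unlink(path)
    os.rmdir(os.path.dirname(path))
```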
