Re: RFS: task-spooler
David Bremner <firstname.lastname@example.org> writes:
> - I have a vague memory of this being discussed before, but I can't
> find the discussion now. As far as I can tell, there are several
> ways in which the socket setup could be improved.
> - I don't really understand why the permissions on
> /tmp/socket-ts.$uid are group and world readable.
> - having the socket in world writable location makes ts
> vulnerable to a denial of service attack.
It can also lead to other security issues. There should be enough
examples in the bug tracker ("unsafe use of /tmp").
> wouldn't it be better to put the socket in a mode 0700 directory
> e.g. in the users home directory?
Please be aware that there are network filesystems that cannot handle
sockets in $HOME. Also sockets (or symlinks to them) should include the
hostname in case $HOME is shared between multiple machines.
You can have a symlink to a socket somewhere else which can then have a
random name. In case the real socket is in a world-writable directory,
you also need to check that it is still your socket and was not replaced
later (for example an attacker could recreate the socket after /tmp was
cleaned on reboot). At least Chromium, Akonadi and KDE do this.