Re: Bug#466542: RFS: task-spooler
On Sat, Sep 03, 2011 at 12:07:59PM +0200, Ansgar Burchardt wrote:
> David Bremner <bremner@unb.ca> writes:
> You can have a symlink to a socket somewhere else which can then have a
> random name. In case the real socket is in a world-writable directory,
> you also need to check that it is still your socket and was not replaced
> later (for example an attacker could recreate the socket after /tmp was
> cleaned on reboot). At least Chromium, Akonadi and KDE do this.
That's the approach I wanted to take, as this was the only threat I could
imagine. So, I'll simply check the ownership. I'll release a new version with
that. The patch should be simple.
Thank you,
Lluís.
Reply to: