Re: GNOME security.
-----BEGIN PGP SIGNED MESSAGE-----
On Wed, 22 Mar 2000, Alexander Hvostov wrote:
> Brian (and everyone, for that matter),
>
> I configured ORBit to use Unix sockets as you said to do. A pleasant side
> effect of this is that GNOME seems to be faster.
>
> An unpleasant side effect is that ORBit is now placing sockets in /tmp,
> which looks like it may be vulnerable to a symlink attack. Anyone have any
> idea about this?
>
> ...Shouldn't the sockets just be in the user's home directory?
Technically, they should be put wherever $TMPDIR says to, but
very few people use that, on either end (user or programmer). It might be
a good idea to put them in a subdirectory owned by the user, say
/tmp/.${USER}/ORBit, or, like you say in their home directory, say
~/.orbit.
Nathan Paul Simons
http://www.nmt.edu/~npsimons/
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBONmueVegz5xsVo19AQFWqwP6Aw+fqf3rvJw26My8HmdFghbWM9rvzFW+
/jfg4cFlZqb80Cnstcw+8Ons7K3OR7zhmrsvv0ZlNCxO+DliAt1x+YyJCAkLS/Ii
yzcdcF0rEVi3o3qgSQVhKvOx/DlRvlHwfX4BhtzUWm4isqW9cDmYCeWxYRKEJQX4
BgSSpIdrtOM=
=//TS
-----END PGP SIGNATURE-----
Reply to: