Re: GNOME security.

To: Alexander Hvostov <vulture@aoi.dyndns.org>
Cc: Brian Kimball <bfk@footbag.org>, debian-security@lists.debian.org, recipient list not shown: ;
Subject: Re: GNOME security.
From: Nathan Paul Simons <npsimons@nmt.edu>
Date: Wed, 22 Mar 2000 22:41:05 -0700 (MST)
Message-id: <[🔎] Pine.LNX.4.21.0003222238260.32216-100000@moogle.tcct.nmt.edu>
In-reply-to: <[🔎] Pine.LNX.4.21.0003221808310.30968-100000@cornerstone.core.aoi>

-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 22 Mar 2000, Alexander Hvostov wrote:

> Brian (and everyone, for that matter),
> 
> I configured ORBit to use Unix sockets as you said to do. A pleasant side
> effect of this is that GNOME seems to be faster.
> 
> An unpleasant side effect is that ORBit is now placing sockets in /tmp,
> which looks like it may be vulnerable to a symlink attack. Anyone have any
> idea about this?
> 
> ...Shouldn't the sockets just be in the user's home directory?

	Technically, they should be put wherever $TMPDIR says to, but
very few people use that, on either end (user or programmer).  It might be
a good idea to put them in a subdirectory owned by the user, say
/tmp/.${USER}/ORBit, or, like you say in their home directory, say
~/.orbit.

Nathan Paul Simons
http://www.nmt.edu/~npsimons/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBONmueVegz5xsVo19AQFWqwP6Aw+fqf3rvJw26My8HmdFghbWM9rvzFW+
/jfg4cFlZqb80Cnstcw+8Ons7K3OR7zhmrsvv0ZlNCxO+DliAt1x+YyJCAkLS/Ii
yzcdcF0rEVi3o3qgSQVhKvOx/DlRvlHwfX4BhtzUWm4isqW9cDmYCeWxYRKEJQX4
BgSSpIdrtOM=
=//TS
-----END PGP SIGNATURE-----

Reply to:

References:
- Re: GNOME security.
  - From: Alexander Hvostov <vulture@aoi.dyndns.org>

Prev by Date: Re: GNOME security.
Next by Date: Re: Automatic password changing
Previous by thread: Re: GNOME security.
Next by thread: unsubscruibe
Index(es):
- Date
- Thread