Bug#466542: RFS: task-spooler



Hi,

David Bremner <bremner@unb.ca> writes:
>      - I have a vague memory of this being discussed before, but I can't
>        find the discussion now.  As far as I can tell, there are several
>        ways in which the socket setup could be improved.
>
>        - I don't really understand why the permissions on
>          /tmp/socket-ts.$uid are group and world readable.
>
>        - having the socket in world writable location makes ts
>          vulnerable to a denial of service attack.

It can also lead to other security issues.  There should be enough
examples in the bug tracker ("unsafe use of /tmp").

>        wouldn't it be better to put the socket in a mode 0700 directory
>        e.g. in the users home directory?

Please be aware that there are network filesystems that cannot handle
sockets in $HOME.  Also sockets (or symlinks to them) should include the
hostname in case $HOME is shared between multiple machines.

You can have a symlink to a socket somewhere else which can then have a
random name.  In case the real socket is in a world-writable directory,
you also need to check that it is still your socket and was not replaced
later (for example an attacker could recreate the socket after /tmp was
cleaned on reboot).  At least Chromium, Akonadi and KDE do this.

Ansgar
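The two points in this exchange (a private mode-0700 socket directory whose name includes the uid and hostname, and re-checking before every connect that the path is still your own socket and not something put there after a /tmp cleanup) can be shown in a few lines. The following is an added illustration written for this thread, not code from task-spooler or from any of the projects named above; the directory naming scheme, the function names and the use of XDG_RUNTIME_DIR as a preferred base are my own choices.

```python
import os
import socket
import stat
import tempfile


def _owned_and_private(st, type_check):
    """True if the stat result has the expected file type, is owned by us,
    and has no group/other permission bits at all."""
    return (type_check(st.st_mode)
            and st.st_uid == os.getuid()
            and (st.st_mode & 0o077) == 0)


def private_socket_dir(base=None):
    """Create or reuse a mode-0700 directory for the current user.  The name
    carries uid and hostname so a $HOME shared between machines does not
    collide.  Base directory preference is an assumption of this example."""
    base = base or os.environ.get("XDG_RUNTIME_DIR") or tempfile.gettempdir()
    path = os.path.join(base, "ts-%d-%s" % (os.getuid(), socket.gethostname()))
    try:
        os.mkdir(path, 0o700)
    except FileExistsError:
        pass
    # lstat, not stat: a symlink planted at this path must not be followed.
    st = os.lstat(path)
    if not _owned_and_private(st, stat.S_ISDIR):
        raise RuntimeError("refusing to use %s: not a private directory we own" % path)
    return path


def socket_is_ours(path):
    """Run before every connect: the path must still be a socket owned by us
    with no group/other bits; a symlink, a plain file, or a socket created by
    another user (e.g. after /tmp was cleaned on reboot) is rejected."""
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return False
    return _owned_and_private(st, stat.S_ISSOCK)


def bind_server(path):
    """Bind a listening Unix socket under umask 077 so the socket file is
    never created group/world accessible, not even briefly."""
    old_umask = os.umask(0o077)
    try:
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(path)
        srv.listen(1)
    finally:
        os.umask(old_umask)
    return srv


def demo():
    """Exercise the checks in a throwaway base directory.
    Returns (real socket accepted, plain file rejected, symlink rejected)."""
    base = tempfile.mkdtemp()
    d = private_socket_dir(base)
    sock_path = os.path.join(d, "s")
    srv = bind_server(sock_path)
    ok = socket_is_ours(sock_path)
    # A plain file dropped at a socket path must be rejected.
    bogus = os.path.join(d, "bogus")
    open(bogus, "w").close()
    file_rejected = not socket_is_ours(bogus)
    # A symlink pointing at the real socket must be rejected as well.
    link = os.path.join(d, "link")
    os.symlink(sock_path, link)
    symlink_rejected = not socket_is_ours(link)
    srv.close()
    for p in (sock_path, bogus, link):
        os.unlink(p)
    os.rmdir(d)
    os.rmdir(base)
    return ok, file_rejected, symlink_rejected


if __name__ == "__main__":
    print(demo())
```

Two caveats worth keeping in mind: Unix socket paths are limited to roughly 108 bytes on Linux (less on some BSDs), so a long base path plus hostname can overflow, and the ownership check only helps if the directory itself is also verified, which is why private_socket_dir lstat()s the directory rather than trusting that mkdir succeeded.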
