[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#466542: RFS: task-spooler

On Sat, Sep 03, 2011 at 12:07:59PM +0200, Ansgar Burchardt wrote:
> David Bremner <bremner@unb.ca> writes:
> You can have a symlink to a socket somewhere else which can then have a
> random name.  In case the real socket is in a world-writable directory,
> you also need to check that it is still your socket and was not replaced
> later (for example an attacker could recreate the socket after /tmp was
> cleaned on reboot).  At least Chromium, Akonadi and KDE do this.

That's the approach I wanted to take, as this was the only threat I could
imagine. So, I'll simply check the ownership. I'll release a new version with
that. The patch should be simple.

Thank you,

Reply to: