Bug#466542: RFS: task-spooler
On Fri, Sep 02, 2011 at 09:47:49PM -0300, David Bremner wrote:
> On Fri, 2 Sep 2011 00:39:07 +0400, Alexander Inyukhin <shurick@sectorb.msk.ru> wrote:
> > * Package name : task-spooler
> > Version : 0.7.0-1~rc1
> > Upstream Author : Lluís Batlle i Rossel <viric@vicerveza.homeunix.net>
> > * URL : http://vicerveza.homeunix.net/~viric/soft/ts/
> > * License : GPLv2+
> > Section : misc
>
> Hi Alexander;
Hi David,
thanks for your comments.
I hope all these issues are solved in the latest release of the package.
> Thanks for working on task-spooler. I have used it before and found it
> pretty useful.
>
> Some comments
>
> - you miss Gentoo Foundation as copyright holder for the ebuild files
>
> - your version number is odd. If your package is ready for upload
> (in your opinion) it should have a version like 0.7.0-1
>
> - I have a vague memory of this being discussed before, but I can't
> find the discussion now. As far as I can tell, there are several
> ways in which the socket setup could be improved.
>
> - I don't really understand why the permissions on
> /tmp/socket-ts.$uid are group and world readable.
>
> - having the socket in world writable location makes ts
> vulnerable to a denial of service attack.
>
> wouldn't it be better to put the socket in a mode 0700 directory
> e.g. in the users home directory?
Reply to: