On Thu, Mar 1, 2012 at 12:39:41 -0800, Tim wrote: > I think there is still a race in your version in the lines which look > like: > > > + mkdir $ICE_DIR 2>/dev/null || [ -d $ICE_DIR ] && ! [ -h $ICE_DIR ] > > mkdir will fail if the file already exists for any reason. After > mkdir fails, it is possible that another process will be able to run > and remove/create new versions of the path with different properties > after your tests run. > doh. You're right, of course. [...] > > > Note that the "chown root:root $SOCKET_DIR" also seems redundant to me > > > (if we didn't already own it, we would have bigger problems, right?). > > > > > I guess it protects against some user doing mkdir /tmp/.X11-unix before > > this runs (which probably means before the package is installed, so it's > > not like this is a very likely race) and then owning the directory. > > Oh, right, duh. Well, the dir is created every time the box boots, > since /tmp is cleared, so it is needed for sure. > /etc/init.d/x11-common on boot should run before any unprivileged user has a chance to do anything (it's in rcS.d, and depends only on $local_fs), so it's less of a problem than initial package installation AFAICT. Cheers, Julien
Attachment:
signature.asc
Description: Digital signature