Akonadi's unix sockets location

Daniel J Walsh dwalsh at redhat.com
Tue Mar 16 16:16:32 UTC 2010


On 03/16/2010 11:17 AM, Colin Walters wrote:
> On Tue, Mar 16, 2010 at 10:54 AM, Matthias Clasen <mclasen at redhat.com> wrote:
>    
>> Any reason this cannot be an abstract socket ? Of course, then you have
>> to check peer creds and figure out a way to communicate the socket name,
>> but at least you don't have to worry about the usual races and
>> permission problem you have with unix sockets.
>>      
> People - reliably finding other programs and initiating communication
> with them is 99% of the reason that DBus was created and exists in the
> OS.
>
> In this case, the right thing is to claim a bus name (org.blah.MyApp),
> export a method on it "org.blah.MyApp.GetSocket", which returns the
> randomly-named path to your socket in /tmp.
>
> Using abstract sockets does NOT mean you don't have to worry about
> permissions.  Any other uid can still connect to the socket, so you
> either need to do some sort of peer credentials if you want to
> restrict it to the same uid.
>    
PLEASE do not use /tmp for communications.  Use /var/run if the service 
is running as root, or can create a socket in /var/run.

Processes running with different UID communicating over /tmp will break 
in a namespace environment.
Evil users have successfully in the past caused privileged apps to do 
evil things when the priv apps do stuff in /tmp.

I believe it is a good idea to avoid priv apps using any directory where 
random users can write.
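
The peer-credential check mentioned in the quoted replies, as an added example that is not part of the original message: a Linux-only sketch that binds an abstract socket, reads the connecting process's credentials with SO_PEERCRED, and keeps the connection only if the uid matches. The socket names and the helper functions `peer_credentials`, `accept_same_uid` and `demo` are assumptions made for illustration.

```python
import os
import socket
import struct

# Layout of Linux's struct ucred: pid_t pid; uid_t uid; gid_t gid.
UCRED = struct.Struct("iII")

def peer_credentials(conn):
    """Return (pid, uid, gid) of the process on the other end of conn."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, UCRED.size)
    return UCRED.unpack(raw)

def accept_same_uid(listener, allowed_uid):
    """Accept one connection; return it only if the peer's uid matches."""
    conn, _ = listener.accept()
    _pid, uid, _gid = peer_credentials(conn)
    if uid != allowed_uid:
        conn.close()          # any uid can connect, so reject after the fact
        return None
    return conn

def demo(name, allowed_uid):
    """Loopback run: bind an abstract name, connect to it, apply the check."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as listener, \
         socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as client:
        # A leading NUL byte selects the abstract namespace: no file is
        # created, so no directory permissions protect the socket.
        listener.bind(b"\0" + name)
        listener.listen(1)
        client.connect(b"\0" + name)
        conn = accept_same_uid(listener, allowed_uid)
        if conn is None:
            return False
        conn.close()
        return True

if __name__ == "__main__":
    # Constructed socket name; the pid suffix only avoids clashes between runs.
    name = b"example-peercred-%d" % os.getpid()
    print("own uid accepted:  ", demo(name, os.geteuid()))
    print("other uid accepted:", demo(name, os.geteuid() + 1))
```

The credentials returned by SO_PEERCRED are those the peer held when it called connect(), as recorded by the kernel, so the client cannot supply them itself.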



