Akonadi's unix sockets location

Lennart Poettering mzerqung at 0pointer.de
Sat Mar 20 00:01:38 UTC 2010

On Tue, 16.03.10 08:38, Rex Dieter (rdieter at math.unl.edu) wrote:

> Juha Tuomala wrote:
> > https://bugs.kde.org/show_bug.cgi?id=179006#c5
> >> in the current version of Akonadi server you can specify a custom
> >> socket path by entering
> >> 
> >> [Connection]
> >> SocketDirectory=/tmp/akonadi-myuser/
> >>
> >> into $HOME/.config/akonadi/akonadiserverrc
> > 
> > How about setting that as default, away from $HOME that can be a NFS
> > filesystem? 
> Indeed, a solution similar to kde's 
> ~/.kde/socket-<hostname> => /tmp/ksocket-<username>
> symlink is likely needed here too.

If KDE really does this, it is really broken.                                                                                        
<hostname> is unsuitable for use cases like this, since on many                                                                      
Fedora/RH systems it is just "localhost". And then very often it is                                                                  
highly dynamic, sometimes even changing with DHCP.                                                                                   
If you want to identify a machine, use the D-Bus machine id. If you                                                                  
don't want to link against the libdbus libraries (which you probably                                                                 
should), then at least read /var/lib/dbus/machine-id and use that                                                                    
(possibly with a fallback to the hostname, in case the admin is a nut).                                                              
The dbus machine id is the only suitable ID for usecases like this: it                                                               
is static, bound to the installation, and widely available.                                                                          
In addition to this <username> is unsuitable for use cases like this                                                                 
too, since it opens the door to DoS attacks by other users since they                                                                
can guess you socket path and create the socket and hence make it                                                                    
impossible for you to use it.                                                                                                        
If you want to do this properly, do something like this:

~/.kde/socket-<dbusid> → /tmp/ksocket-<random>/socket


Lennart Poettering                        Red Hat, Inc.
lennart [at] poettering [dot] net
http://0pointer.net/lennart/           GnuPG 0x1A015CC4

More information about the devel mailing list