Akonadi's unix sockets location

Lennart Poettering mzerqung at 0pointer.de
Sat Mar 20 00:10:59 UTC 2010


On Tue, 16.03.10 10:54, Matthias Clasen (mclasen at redhat.com) wrote:

> > > Symlinks are duct-tape, why not just set it to /tmp with
> > > global rc file?
> > 
> > Sure, but still need to encode username into the filename (or randomize/uniq 
> > it) somehow.
> > 
> 
> Any reason this cannot be an abstract socket ? Of course, then you have
> to check peer creds and figure out a way to communicate the socket name,
> but at least you don't have to worry about the usual races and
> permission problem you have with unix sockets.

Abstract sockets are not particularly useful for anything but system
services that are only started once, and very early during bootup. Why?
Because they are not namespaced: every user can take every name he
wants. If a system service that is restartable or started late at bootup
needs a specific name then some evil user might already have taken it
away, creating a DoS situation. 

As soon as a system is booted up to a level where non-system users can
log in, abstract namespace sockets must use randomized names, to avoid
these DoS issues. And a reference to those names would probably have
to be written to the file system, so that it can be found by other
applications. And as soon as that happens, most advantages of sockets
that don't live in the fs hierarchy are gone.

Abstract sockets are a tool that is only really useful during early boot. For
everything else I don't think it really has any advantages over fs
sockets. However, they are harder to discover, which sucks.

In summary: unless you hack very low-level Linux-specific software,
forget about abstract sockets.

Lennart

-- 
Lennart Poettering                        Red Hat, Inc.
lennart [at] poettering [dot] net
http://0pointer.net/lennart/           GnuPG 0x1A015CC4
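
The following is an added example, not part of the original message or of Akonadi's code. It shows, on Linux, that an abstract socket name belongs to whichever process bound it first (a later bind fails with EADDRINUSE), and how a client can check the listener's UID with SO_PEERCRED before trusting it. The socket name and function names are made up for illustration.

```python
import errno
import os
import socket
import struct


def bind_abstract(name):
    """Listen on an AF_UNIX socket in the Linux abstract namespace."""
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.bind("\0" + name)  # a leading NUL byte selects the abstract namespace
    s.listen(1)
    return s


def peer_uid(conn):
    """UID of the process owning the other end (struct ucred: pid, uid, gid)."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("iII"))
    _pid, uid, _gid = struct.unpack("iII", raw)
    return uid


def connect_checked(name, expected_uid):
    """Connect to an abstract socket, refusing a listener owned by another UID."""
    c = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        c.connect("\0" + name)
        if peer_uid(c) != expected_uid:
            raise PermissionError("listener is not owned by uid %d" % expected_uid)
    except OSError:
        c.close()
        raise
    return c


def demo():
    # Constructed name; the random suffix only keeps repeated runs apart.
    name = "example-service-" + os.urandom(8).hex()
    holder = bind_abstract(name)  # the first binder owns the name
    try:
        bind_abstract(name).close()
        second = "bound"
    except OSError as e:
        second = errno.errorcode[e.errno]  # a later process cannot take it
    connect_checked(name, os.getuid()).close()  # listener is us, so accepted
    holder.close()
    return second


if __name__ == "__main__":
    print(demo())
```

Nothing in the abstract namespace records who is allowed to hold a name, so the SO_PEERCRED comparison is the only ownership check the client has.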

