Akonadi's unix sockets location

[Jonathan Underwood]

On 19 March 2010 23:52, Lennart Poettering <mzerqung at 0pointer.de> wrote:
> That is a security hole. Since /tmp knows no further access control an
> evil user can just create dirs there for each and every single user on
> the system. Those directories will then be owned by him, and all other
> users will a) either completely fail to work or b) happily connect to
> the evil user's services unless the software in question implements
> two-way credential passing and verification (which I'd bet akonadi
> doesn't do).
>
> So either this is a DoS vulnerability or an even worse security hole.
>
> So in short: don't do this. If you safely want to place a socket in
> /tmp, you need to place it in a random dir, and then symlink (or
> otherwise refer to it) from $HOME. Or better (as Colin suggested), just
> use D-Bus to pass around the randomized socket path. (or even better:
> use the new fd passing in D-Bus so that you don't need to socket path at
> all)
>
> Or even shorter: Unix sucks.
>
> At last year's FOSS.in I did a talk about issues like this in Unix and
> how to work around them in application and how incredibly hard it is to
> get this right. One of those days I hope to find the time to write a
> blog story about this.
>
> I personally believe introducing a per-user /var/run (maybe as
> /var/run/users/$USER which is created at login time) is cleanest way to
> fix all of this.
>
>> I can't imagine what harm that would cause to default under /tmp?
>
> It's a shared namespace. As such it is a major source of
> vulnerabitilities, especially if the developers didn't have this
> particular use in mind.

To what extent would the security issues associated with files in /tmp
be mitigated with a polyinstantiated /tmp directories? Should Fedora
move to that as a default?