Akonadi's unix sockets location

Daniel J Walsh dwalsh at redhat.com
Mon Mar 22 13:11:50 UTC 2010


On 03/21/2010 10:44 AM, Jonathan Underwood wrote:
> On 19 March 2010 23:52, Lennart Poettering<mzerqung at 0pointer.de>  wrote:
>    
>> That is a security hole. Since /tmp knows no further access control an
>> evil user can just create dirs there for each and every single user on
>> the system. Those directories will then be owned by him, and all other
>> users will a) either completely fail to work or b) happily connect to
>> the evil user's services unless the software in question implements
>> two-way credential passing and verification (which I'd bet akonadi
>> doesn't do).
>>
>> So either this is a DoS vulnerability or an even worse security hole.
>>
>> So in short: don't do this. If you safely want to place a socket in
>> /tmp, you need to place it in a random dir, and then symlink (or
>> otherwise refer to it) from $HOME. Or better (as Colin suggested), just
>> use D-Bus to pass around the randomized socket path. (or even better:
>> use the new fd passing in D-Bus so that you don't need a socket path at
>> all)
>>
>> Or even shorter: Unix sucks.
>>
>> At last year's FOSS.in I did a talk about issues like this in Unix and
>> how to work around them in applications and how incredibly hard it is to
>> get this right. One of these days I hope to find the time to write a
>> blog story about this.
>>
>> I personally believe introducing a per-user /var/run (maybe as
>> /var/run/users/$USER which is created at login time) is the cleanest way to
>> fix all of this.
>>
>>
>>> I can't imagine what harm that would cause to default under /tmp?
>>>
>> It's a shared namespace. As such it is a major source of
>> vulnerabilities, especially if the developers didn't have this
>> particular use in mind.
>>
> To what extent would the security issues associated with files in /tmp
> be mitigated with a polyinstantiated /tmp directories? Should Fedora
> move to that as a default?
>    
Yes, a lot of this would be fixed, but it is very confusing to have
different views of /tmp.
I have it set up right now and am bit by root having a different view of
/tmp than my user account.
And I understand the technology.
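Lennart's suggestion above (a randomly named, private directory under /tmp rather than a fixed per-user name) in code, as an added example that is not part of this thread or of Akonadi; the `akonadi-` name prefix and the strict 0700 check are assumptions:

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 1 if `path` is a real directory (not a symlink), owned by the
 * calling user and with mode exactly 0700; 0 otherwise. lstat() is used so
 * a symlink planted by another user in /tmp is rejected, not followed. */
int socket_dir_is_trusted(const char *path) {
    struct stat st;
    if (lstat(path, &st) != 0) return 0;
    if (!S_ISDIR(st.st_mode)) return 0;         /* file or symlink: reject */
    if (st.st_uid != getuid()) return 0;        /* pre-created by someone else */
    if ((st.st_mode & 0777) != 0700) return 0;  /* group/other must have no access */
    return 1;
}

/* Creates a fresh random directory under /tmp. mkdtemp() creates it with
 * mode 0700 and fails instead of reusing an existing name, which is what
 * defeats the "evil user pre-creates /tmp/<fixed-name>" problem.
 * Writes the path into `out`; returns 0 on success, -1 on error. */
int make_private_socket_dir(char *out, size_t outlen) {
    char tmpl[] = "/tmp/akonadi-XXXXXX";  /* prefix is an assumption */
    if (mkdtemp(tmpl) == NULL) return -1;
    if (!socket_dir_is_trusted(tmpl) || strlen(tmpl) + 1 > outlen) {
        rmdir(tmpl);
        return -1;
    }
    strcpy(out, tmpl);
    return 0;
}

/* Round trip: create, verify, remove. Returns 1 when everything worked. */
int demo(void) {
    char dir[64];
    if (make_private_socket_dir(dir, sizeof dir) != 0) return 0;
    int ok = socket_dir_is_trusted(dir);
    if (rmdir(dir) != 0) return 0;
    return ok;
}

int main(void) {
    printf("private dir round trip ok: %d\n", demo());
    /* /tmp itself is world-writable (mode 1777), so it must never pass: */
    printf("/tmp trusted: %d\n", socket_dir_is_trusted("/tmp"));
    return 0;
}
```

The symlink-from-$HOME half of the suggestion is just `symlink(dir, "$HOME/.akonadi-socket")` on the returned path; the important part is that the fixed-name path is never the one in /tmp.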
