noexec on /dev/shm
Lennart Poettering
mzerqung at 0pointer.de
Tue Jan 4 13:11:58 UTC 2011
On Mon, 03.01.11 22:12, Bernie Innocenti (bernie at codewiz.org) wrote:
> On my desktop, abstract namespace sockets are twice more popular than
> the regular ones:
>
> bernie at giskard:~$ netstat -ax | grep @ | wc -l
> 151
> bernie at giskard:~$ netstat -ax | grep -v @ | grep / | wc -l
> 73
>
> Most uses are from dbus, but I'm also seeing gnome-session and
> gvfsd-trash.
Of these being used, dbus is correctly implemented, since it randomizes
the socket name. Same for gdm.
Misusing are ICE, X11, nspluginwrapper at least, since they do not use a
random socket name but a fixed one, hence opening the door to DoS attacks.
Lennart
--
Lennart Poettering - Red Hat, Inc.
More information about the devel
mailing list