noexec on /dev/shm
Lennart Poettering
mzerqung at 0pointer.de
Tue Jan 4 23:59:56 UTC 2011
On Tue, 04.01.11 17:36, Adam Jackson (ajax at redhat.com) wrote:
> On Tue, 2011-01-04 at 14:11 +0100, Lennart Poettering wrote:
>
> > Misusing are ICE, X11, nspluginwrapper at least, since they do not use a
> > random socket name but a fixed one, hence opening the door to DoS attacks.
>
> X's socket name isn't fixed. It's a function of whatever display name
> you asked for when you launched the server. Our filesystem-bound socket
> name is not different in this respect.
Well, OK, bad wording on my side. Replace "fixed" by "guessable".
Lennart
--
Lennart Poettering - Red Hat, Inc.
More information about the devel
mailing list