Security issues with abstract namespace sockets
Daniel J Walsh
dwalsh at redhat.com
Wed Jan 5 21:37:05 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 01/05/2011 04:33 PM, Matt McCutchen wrote:
> On Wed, 2011-01-05 at 15:25 -0500, Adam Jackson wrote:
>> On Wed, 2011-01-05 at 13:38 -0500, Matt McCutchen wrote:
>>> The
>>> more significant DoS condition is another user taking the name you want,
>>> which can happen in the abstract namespace but not in a directory only
>>> you can write.
>>
>> I don't have any of those. If the X server is running as root (like in
>> the gdm case) then I can put the socket wherever I want. If it's Xvfb,
>> then where do I put this directory? $HOME ? Nope, might not be
>> there. /tmp/$USER ? Won't work if someone else mkdir'd /tmp/ajax
>> before I did.
>
> What about the XDG_RUNTIME_DIR (/var/run/user/$USER) from systemd?
>
This does not exist until after the User has logged in. X starts before
the user logs in. Also multiple users need to be able to talk to same
xserver. Not sure about switchuser.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk0k5IEACgkQrlYvE4MpobPAYwCcD1bnU+qES3uv/tc/7Jw3jlwD
SQMAoJf+5uXZ2FkN2vLOOuiWLWojKSkB
=OpVt
-----END PGP SIGNATURE-----
More information about the devel
mailing list