Security issues with abstract namespace sockets
Adam Jackson
ajax at redhat.com
Wed Jan 5 21:47:20 UTC 2011
On Wed, 2011-01-05 at 16:33 -0500, Matt McCutchen wrote:
> On Wed, 2011-01-05 at 15:25 -0500, Adam Jackson wrote:
> > I don't have any of those. If the X server is running as root (like in
> > the gdm case) then I can put the socket wherever I want. If it's Xvfb,
> > then where do I put this directory? $HOME ? Nope, might not be
> > there. /tmp/$USER ? Won't work if someone else mkdir'd /tmp/ajax
> > before I did.
>
> What about the XDG_RUNTIME_DIR (/var/run/user/$USER) from systemd?
atropine:~% ssh 10.16.61.101
test at 10.16.61.101's password:
Last login: Wed Jan 5 16:42:43 2011
[test at dhcp-10-16-61-101 ~]$ set | grep XDG
[test at dhcp-10-16-61-101 ~]$ rpm -q systemd fedora-release
systemd-15-1.fc15.x86_64
fedora-release-15-0.3.noarch
Console login at least gives me an XDG_SESSION_COOKIE.
- ajax
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20110105/5ecb1e71/attachment.bin
More information about the devel
mailing list