[pulseaudio-discuss] [PATCH] have make_random_dir respect $TMPDIR
remi at gentoo.org
Tue Sep 23 05:57:38 PDT 2008
Sorry for getting slightly OT, but this thread is interesting :)
Lennart Poettering a écrit :
> Abstract Unix sockets still have a single shared namespace for all
> users. That means you still have a DoS vulnerability, because an evil
> user may simple take all well known socket paths before you can take
> them and then you lost, because you don't hve any name to take anymore.
But since dbus and Xorg both use abstract sockets, shouldn't they have
those issues too? (especially Xorg since it has a well known socket
name, dbus gets by with random environment variables...)
Or am I missing something?
Anyhow, thanks for the insightful comments :)
More information about the pulseaudio-discuss