[pulseaudio-tickets] [PulseAudio] #662: "Failed to create secure directory" when .pulse is a symlink
PulseAudio
trac-noreply at tango.0pointer.de
Wed Mar 30 09:15:33 PDT 2011
#662: "Failed to create secure directory" when .pulse is a symlink
---------------------+------------------------------------------------------
Reporter: elitak | Owner: lennart
Type: defect | Status: reopened
Milestone: | Component: pavucontrol
Resolution: | Keywords:
---------------------+------------------------------------------------------
Changes (by prakisk):
* status: closed => reopened
* resolution: invalid =>
Comment:
Replying to [comment:3 lennart]:
> Replying to [comment:2 elitak]:
> > Whether it's the correct behavior or not, this is a big concern for
> > usability.
>
> Usability? What does ~/.pulse have to do with usability?
>
> > If launched from a gnome desktop shortcut, the app gives no indication
> > that there's a problem and doesn't even terminate. There should at least
> > be a dialog box that the user must dismiss. Flag this ticket as an
> > enhancement or retitle it, perhaps?
>
> Uh. PA is a session service, it should be run from the XDG autostart
> dir, not via some desktop shortcut. It should generally be invisible to
> the user. Also, what does that have to do with ~/.pulse not being allowed
> to be a symlink?
>
> > Also, I don't understand how disallowing intermediate links to the
> > .pulse directory makes anything more secure, but then I certainly don't
> > have anything close to the whole picture. I'll just have to take your word
> > on it, unless you'd care to explain?
>
> If you have a chain of symlinks and only verify the access mode of the
> final destination but some evildoer has write access to the dir one of the
> intermediate symlinks is located in he might redirect replace that symlink
> to some spot that is not safe. If we'd go and verify each step of the
> symlink chain we could detect that, however that would be very ugly and --
> what's worse -- racy, since we cannot atomically check the whole chain.
> So, to fix this we simply make sure .pulse is not a symlink in the first
> place.
>
> Also, I cannot see at all why you'd want to make .pulse a symlink in the
> first place.
Just because you don't see a reason doesn't mean there's no valid reason.
And just because you don't agree with it, doesn't mean it's invalid.
Your efforts to secure things are noble, but I think this is misplaced.
Not allowing symlinks is a bug. Please fix.
Thanks.
prakisk
--
Ticket URL: <http://pulseaudio.org/ticket/662#comment:4>
PulseAudio <http://pulseaudio.org/>
The PulseAudio Sound Server
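
The approach described in the quoted reply (refuse a symlinked directory instead of walking and verifying the link chain), as an added example that is not part of the original message and is not PulseAudio's code. `secure_dir` and the default path are hypothetical names, and a POSIX.1-2008 system with `O_NOFOLLOW` and `O_DIRECTORY` is assumed.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not PulseAudio's code: create `path` if it is missing,
 * then accept it only if it is a real directory (not a symlink) owned by the
 * caller with mode 0700. Returns 0 on success, -1 with errno set. */
int secure_dir(const char *path) {
    struct stat st;
    int fd, saved;
    /* mkdir() never follows a symlink in the last component: an existing
     * link, even a dangling one, gives EEXIST. */
    if (mkdir(path, 0700) < 0 && errno != EEXIST)
        return -1;

    /* O_NOFOLLOW makes open() fail when the last component is a symlink
     * (ELOOP or ENOTDIR, depending on the platform), so no chain is walked. */
    fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (fd < 0)
        return -1;

    /* fstat() describes the object that was opened, so swapping the name
     * afterwards cannot change what is being checked. */
    if (fstat(fd, &st) == 0) {
        if (st.st_uid == getuid() && (st.st_mode & 0777) == 0700) {
            close(fd);
            return 0;
        }
        errno = EACCES; /* wrong owner or too permissive */
    }
    saved = errno;
    close(fd);
    errno = saved;
    return -1;
}

int main(int argc, char **argv) {
    const char *path = argc > 1 ? argv[1] : "demo-secure-dir"; /* constructed default */
    if (secure_dir(path) < 0) {
        perror("Failed to create secure directory");
        return 1;
    }
    printf("%s is a private directory and not a symlink\n", path);
    return 0;
}
```

Only the last path component is inspected here; the directories above it are not checked.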