[pulseaudio-discuss] [PATCH] have make_random_dir respect $TMPDIR

Rémi Cardona remi at gentoo.org
Tue Sep 23 05:57:38 PDT 2008

Sorry for getting slightly OT, but this thread is interesting :)

Lennart Poettering a écrit :
> Abstract Unix sockets still have a single shared namespace for all
> users. That means you still have a DoS vulnerability, because an evil
> user may simple take all well known socket paths before you can take
> them and then you lost, because you don't hve any name to take anymore.

Good point...

But since dbus and Xorg both use abstract sockets, shouldn't they have 
those issues too? (especially Xorg since it has a well known socket 
name, dbus gets by with random environment variables...)

Or am I missing something?

Anyhow, thanks for the insightful comments :)


More information about the pulseaudio-discuss mailing list