[pulseaudio-discuss] [PATCH] have make_random_dir respect $TMPDIR
lennart at poettering.net
Tue Sep 23 06:12:40 PDT 2008
On Tue, 23.09.08 14:57, Rémi Cardona (remi at gentoo.org) wrote:
> Sorry for getting slightly OT, but this thread is interesting :)
> Lennart Poettering a écrit :
> > Abstract Unix sockets still have a single shared namespace for all
> > users. That means you still have a DoS vulnerability, because an evil
> > user may simple take all well known socket paths before you can take
> > them and then you lost, because you don't hve any name to take anymore.
> Good point...
> But since dbus and Xorg both use abstract sockets, shouldn't they have
> those issues too? (especially Xorg since it has a well known socket
> name, dbus gets by with random environment variables...)
> Or am I missing something?
> Anyhow, thanks for the insightful comments :)
The D-Bus system bus is one of the first procsses to be started and is
started as root. Hence the namespace issues don't really apply to it.
The session bus would be vulnerable if they picked a well known name
as abstract socket. But they didn't. For me $DBUS_SESSION_BUS_ADDRESS
points to unix:abstract=/tmp/dbus-v1fkfN7LrT which is random.
I am not sure how X does solve the issue. Maybe it doesn't. Having
/tmp/X11-foobar like they used to is certainly broken, though.
Lennart Poettering Red Hat, Inc.
lennart [at] poettering [dot] net ICQ# 11060553
http://0pointer.net/lennart/ GnuPG 0x1A015CC4
More information about the pulseaudio-discuss