[Users] [Bug 2828] Use MD5 digest for socket name

[ratinox at gweep.net]

On Thu, 29 Nov 2012 09:33:59 +0100
Ricardo Mones <ricardo at mones.org> wrote:

>   That's not what was being claimed... but yes, it is. It could
> also be seen as a nice local DoS attack, because is trivial to create
> the same file as any other user in /tmp (home config dirs are easily
> guessable). So I think /tmp is not the right place for this.

/tmp really is the best place to put the lock if you want to have
multiple UIDs sharing a single configuration directory. All UIDs
sharing the configuration must be able to see the lock socket. If the
lock is unique to one UID then the other UID will not see it. This
would permit multiple simultaneous access to a single configuration.
This is not desired and is therefore a bug.

/tmp is a good place to put the lock anyway. Locks need to be visible
to all processes that might try to claim the resources. Privatizing a
lock makes it impossible for other processes to see it.

Yes, it's vulnerable to a local denial of service. So is using
/tmp/claws-mail-${UID} as the lock socket name.

Old, unused sockets aren't an issue. The periodic /tmp cleaner will
reap them.


>   D'oh! So you claim A, when shown A is false you jump the it's a
> feature wagon running on the opposite direction... Amazing :)

I can't help it if you misinterpreted my writing that "two UIDs could
share a configuration directory" as "two UIDs could share a
configuration directory simultaneously".


>   Don't be shy, very likely nobody else is going to do it ;)

Nope. It's impossible to do reliably. Look at the BUGS section of the
realpath(3) man page.

-- 
\m/ (--) \m/