[Users] [Bug 2828] Use MD5 digest for socket name

Sharon Kimble boudiccas at talktalk.net
Thu Nov 29 17:28:42 CET 2012


On Thu, 29 Nov 2012 11:02:29 -0500
ratinox at gweep.net wrote:

Three emails all saying the exact same thing from you, has your 'send'
finger developed a stutter?

Sharon. 

> On Thu, 29 Nov 2012 09:33:59 +0100
> Ricardo Mones <ricardo at mones.org> wrote:
> 
> >   That's not what was being claimed... but yes, it is. It could
> > also be seen as a nice local DoS attack, because it is trivial to
> > create the same file as any other user in /tmp (home config dirs
> > are easily guessable). So I think /tmp is not the right place for
> > this.
> 
> /tmp really is the best place to put the lock if you want to have
> multiple UIDs sharing a single configuration directory. All UIDs
> sharing the configuration must be able to see the lock socket. If the
> lock is unique to one UID then the other UID will not see it. This
> would permit multiple simultaneous access to a single configuration.
> This is not desired and is therefore a bug.
> 
> /tmp is a good place to put the lock anyway. Locks need to be visible
> to all processes that might try to claim the resources. Privatizing a
> lock makes it impossible for other processes to see it.
> 
> Yes, it's vulnerable to a local denial of service. So is using
> /tmp/claws-mail-${UID} as the lock socket name.
> 
> Old, unused sockets aren't an issue. The periodic /tmp cleaner will
> reap them.
> 
> 
> >   D'oh! So you claim A, when shown A is false you jump on the "it's a
> > feature" wagon running in the opposite direction... Amazing :)
> 
> I can't help it if you misinterpreted my writing that "two UIDs could
> share a configuration directory" as "two UIDs could share a
> configuration directory simultaneously".
> 
> 
> >   Don't be shy, very likely nobody else is going to do it ;)
> 
> Nope. It's impossible to do reliably. Look at the BUGS section of the
> realpath(3) man page.
> 



-- 
A taste of linux = http://www.sharons.org.uk/taste/index.html
efever = http://www.efever.blogspot.com/
efever = http://sharon04.livejournal.com/
Debian Wheezy, LXDE 2, LibreOffice 3.5.4.2
Registered Linux user 334501 
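
The lock-socket states argued over in the quoted exchange (free, held, stale, or blocked by a file another local user created first), as an added example that is not part of the original message or of Claws Mail's code. The naming scheme (`claws-mail-` plus the MD5 of the configuration directory path) and the function names are assumptions made for illustration.

```python
import hashlib
import os
import socket
import stat


def socket_path(config_dir, tmp_dir="/tmp"):
    """Assumed naming scheme: MD5 of the configuration directory path.

    abspath() normalises '.' and '..' but does not resolve symlinks, so a
    symlinked alias of the same directory hashes to a different name.
    """
    digest = hashlib.md5(os.path.abspath(config_dir).encode()).hexdigest()
    return os.path.join(tmp_dir, "claws-mail-" + digest)


def classify(path, trusted_uids):
    """Report the state of a lock socket path before trying to claim it."""
    try:
        st = os.lstat(path)  # lstat: never follow a symlink planted in /tmp
    except FileNotFoundError:
        return "free"
    if not stat.S_ISSOCK(st.st_mode):
        # A regular file, directory or symlink with the predictable name:
        # bind() would fail, which is the local DoS described above.
        return "blocked: not a socket"
    if st.st_uid not in trusted_uids:
        # A socket exists, but it belongs to a UID that is not expected to
        # share this configuration.
        return "blocked: foreign owner"
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as probe:
        try:
            probe.connect(path)
        except ConnectionRefusedError:
            return "stale"  # socket file left behind, nothing listening
    return "held"  # a running instance answers on the socket
```

`trusted_uids` is the set of UIDs allowed to share the configuration directory; with a single user it is just `{os.getuid()}`.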