[Users] [Bug 2828] Use MD5 digest for socket name
Colin Leroy
colin at colino.net
Sat Dec 1 13:21:43 CET 2012
On 30 November 2012 at 01h00, Holger Berndt wrote:
Hi,
> But anyways, it's a matter of preference what's more valuable: Safety
> against different uids trying to mess with the same config dir at the
> same time, or DoS prevention. Personally, I lean towards the second.
Different UIDs should not be messing with the same config dir anyway.
The UID in the socket name is there just to allow different users run
different instances of Claws Mail at the same time, not to prevent DoS
or anything.
Also, I feel we're getting a little bit carried away there with
XDG_RUNTIME_DIR and everything. Supporting XDG would be great, but we
don't, right now.
Maybe we can start caring about XDG_RUNTIME_DIR when we'll have
migrated our config dir to XDG_CONDIR_DIR and imap caches to
XDG_CACHE_DIR.
In the meantime I couldn't care less if the socket name is rendered
unique using UID, config-dir-name hash, md5sum of the user's full name
appended to the computer domain name or whatever.
Ratinox's patch is good as it is, there's no need to add the UID
> don't remove uid from socket name, just add the MD5, otherwise two
>different users could clash using the same dir.
That's misguided, we sure as hell don't want two users running two
instances of Claws Mail, writing UIDL files, preferences and IMAP cache
files in the same configuration directory.
Having the unicity on config dirs only is actually better than on UID +
config dir. Of course the hash has to be on the absolute path.
Or am I missing something there?
--
Colin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 190 bytes
Desc: not available
URL: <http://lists.claws-mail.org/pipermail/users/attachments/20121201/29769501/attachment.sig>
More information about the Users
mailing list