[Users] [Bug 2828] Use MD5 digest for socket name

Ricardo Mones ricardo at mones.org
Thu Nov 29 09:33:59 CET 2012


  Hi,

On Wed, Nov 28, 2012 at 07:47:39PM -0500, ratinox at gweep.net wrote:
> On Thu, 29 Nov 2012 01:08:38 +0100
> Holger Berndt <berndth at gmx.de> wrote:
> 
> > But that's actually a feature, isn't it? [...]

  That's not what was being claimed... but yes, it is. It could
also be seen as a nice local DoS attack, because it is trivial to create
the same file as any other user in /tmp (home config dirs are easily
guessable). So I think /tmp is not the right place for this.

> Precisely. The purpose of a lock is to guarantee exclusive access to a
> resource. If starting a second, concurrent instance of Claws Mail using
> the same configuration directory fails then my patch is working
> correctly. You need to completely shut down the first instance of CM
> before starting the second with a different UID.

  D'oh! So you claim A, when shown A is false you jump on the "it's a
feature" wagon running in the opposite direction... Amazing :)
 
> > Anyways, the patch misses the "normalizing the config directory" part
> > that I was talking about - meaning to resolve symlinks and identities
> > like /foo/bar == /foo/bar/../bar or /home/./foo == /home/foo, to make
> > it slightly less easy for the user to shoot himself in the foot.
> 
> If canonicalization is necessary then I'd rather leave it to someone who
> can handle the error and overflow cases. I'd make a mess of it if I
> tried it myself.

  Don't be shy, very likely nobody else is going to do it ;)

  thanks in advance,
-- 
  Ricardo Mones 
  ~
  00:45 < hammar> cool.. have you used rssyl?                          
  00:46 <@Ticho> um, yes                            Seen on #sylpheed
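
Added example, not part of the original message and not Claws Mail's code: a C sketch of the config-directory normalization discussed in the thread, where realpath(path, NULL) reports the error cases through its return value and removes the fixed-buffer overflow case. The function names, the "claws-" prefix and the FNV-1a hash (standing in for the MD5 digest named in the bug title) are assumptions.

```c
#define _XOPEN_SOURCE 700   /* for realpath() */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>

/* Resolve symlinks, "." and ".." so every spelling of one directory gives the
 * same string. realpath(path, NULL) allocates its result (POSIX.1-2008), so no
 * fixed-size buffer can overflow. Returns a malloc'd string, or NULL + errno. */
char *canon_config_dir(const char *path)
{
    struct stat st;
    int err = 0;
    char *real = realpath(path, NULL);
    if (real == NULL) return NULL;   /* ENOENT, EACCES, ELOOP, ENAMETOOLONG */
    if (stat(real, &st) != 0) err = errno;
    else if (!S_ISDIR(st.st_mode)) err = ENOTDIR;
    if (err) { free(real); errno = err; return NULL; }
    return real;
}

/* FNV-1a: assumed stand-in for the MD5 digest (libc ships no MD5). */
static unsigned long long fnv1a64(const char *s)
{
    unsigned long long h = 0xcbf29ce484222325ULL;
    for (; *s != '\0'; s++) h = (h ^ (unsigned char)*s) * 0x100000001b3ULL;
    return h;
}

/* Derive the socket file name from the canonical directory. The "claws-"
 * prefix is hypothetical. Returns 0 on success, -1 on error or truncation. */
int socket_name_for(const char *config_dir, char *out, size_t outlen)
{
    char *real = canon_config_dir(config_dir);
    if (real == NULL) return -1;
    unsigned long long h = fnv1a64(real);
    free(real);
    int n = snprintf(out, outlen, "claws-%016llx", h);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(int argc, char **argv)
{
    char name[64];
    for (int i = 1; i < argc; i++)
        if (socket_name_for(argv[i], name, sizeof name) == 0)
            printf("%s -> %s\n", argv[i], name);
    return 0;
}
```

Hashing the canonical path gives /foo/bar and /foo/bar/../bar the same socket name; it does not address the predictable-name problem in /tmp raised above.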
