Re: locking workaround patch



Hi Havoc,

On Tue, 2002-09-10 at 17:15, Havoc Pennington wrote:
> Here is the latest patch for working around the locking issue.  Adds
> the dialog offering to delete locks, and adds a GCONF_LOCAL_LOCKS
> mode. GCONF_LOCAL_LOCKS mode leaves a denial-of-service attack
> possible. (User A creates the lockdir for user B so user B can't log
> in.)

	Use the ORBit2 code for getting around this then in
linc/include/linc/linc-protocol.h (linc_get_tmpdir).

	The ORBit2 code scans in a race-free way for a correctly attributed
user-owned directory, and this is also the directory that b-a-s uses.
It'd be nice to unify on this, so it's localised - oh and it solves the
DOS problem at a stroke ;-)

	NB. you need to call it after initializing the ORB really. Also, it has
problems if /tmp is not readable - there is a Mdk patch for their 'high
security level' mode that just defaults to the [DOSable] mode. [ sweet
irony ].

	How does that sound ?

	Regards,

		Michael.

-- 
 mmeeks gnu org  <><, Pseudo Engineer, itinerant idiot




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]