Re: locking workaround patch



Michael Meeks <michael ximian com> writes: 
> 	Use the ORBit2 code for getting around this then in
> linc/include/linc/linc-protocol.h (linc_get_tmpdir).
> 
> 	The ORBit2 code scans in a race-free way for a correctly attributed
> user-owned directory, and this is also the directory that b-a-s uses.
> It'd be nice to unify on this, so it's localised - oh and it solves the
> DOS problem at a stroke ;-)

I looked at that code - the ORBit way doesn't fix gconf for the
following reason. What it does is create:

 /tmp/orbit-username
 /tmp/orbit-username-1
 /tmp/orbit-username-2

until it finds one with the right perms.

However, in gconf, say a malicious user creates /tmp/gconf-username,
and we start using /tmp/gconf-username-1. Then the malicious user deletes
/tmp/gconf-username. Subsequent apps to start up will use
/tmp/gconf-username instead of /tmp/gconf-username-1, and not find
gconfd, and create a duplicate gconfd. Thus effectively DOSing an
existing session. The point is that all gconf-using apps need to find the
same /tmp/whatever.

The only way around that I see is to glob /tmp/gconf-username* and try
to use anything found in the glob, in ascending order of the little
number at the end - that could work. I'm not sure though.

Havoc
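
Added example (not part of the original message, and not ORBit2 or GConf code): a C version of the scan described above, which checks every candidate name in ascending suffix order for a directory that already passes the ownership and mode checks, and only creates one if none exists. `find_session_dir`, `dir_is_ours`, `MAX_SUFFIX`, the exact 0700 mode requirement and the `gconf-user` name are assumptions of this example.

```c
/* Added example: hypothetical helper, not ORBit2 or GConf code. */
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
#define MAX_SUFFIX 16 /* assumed bound on "-N" candidates */

/* Usable only if a real directory (lstat rejects symlinks), owned by us, mode 0700. */
static int dir_is_ours(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0) return 0;
    return S_ISDIR(st.st_mode) && st.st_uid == getuid() && (st.st_mode & 0777) == 0700;
}

static void candidate(char *out, size_t n, const char *base, const char *prefix, int i)
{
    if (i == 0) snprintf(out, n, "%s/%s", base, prefix);
    else        snprintf(out, n, "%s/%s-%d", base, prefix, i);
}

/* Returns the suffix index chosen (0 = bare name), or -1 on failure. */
int find_session_dir(const char *base, const char *prefix, char *out, size_t n)
{
    /* Pass 1: reuse any existing valid directory, lowest suffix first, so a
     * lower name that is freed later does not split the session. */
    for (int i = 0; i <= MAX_SUFFIX; i++) {
        candidate(out, n, base, prefix, i);
        if (dir_is_ours(out)) return i;
    }
    /* Pass 2: nothing valid exists yet; create the lowest free name. */
    for (int i = 0; i <= MAX_SUFFIX; i++) {
        candidate(out, n, base, prefix, i);
        if (mkdir(out, 0700) != 0 && errno != EEXIST) return -1;
        if (dir_is_ours(out)) return i; /* created now, or by our own racing process */
    }
    return -1;
}

int main(void)
{
    char base[] = "/tmp/sessdir-demo-XXXXXX", path[4096]; /* constructed sandbox */
    if (!mkdtemp(base)) return 1;
    printf("%d %s\n", find_session_dir(base, "gconf-user", path, sizeof path), path);
    return 0;
}
```

Two processes that start at the same instant with no valid directory present can still interleave between the two passes, so this narrows the window described in the message rather than proving it closed.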


