Re: gpilotd & corba

On Wed, 16 Sep 1998 10:39:06 -0400, <> wrote:
> said:
> > 4) Currently, I'll store all requests as files /var/spool/gpilotd/
> > $USER/, and let the name/contents indicate what to do, and the forked
> > gpilotd will read these upon sync. (any security issues here that I'm
> > missing ?) 
> If this directory has a predictable name, cant some nasty person take
> advantage of this (like all the /tmp exploits recently discussed)?
> At a minimum I guess you just take a look at the existing path and make
> sure its really setup like you want before you use it.

The appropriate behavior here is to do one of two things.

1. /var/spool/gpilot (I don't like the terminal d since that is the daemon
name and not the service name).

This directory needs to be permissions 1755 and root.root. When
a user uses gpilot a directory $USER is created *If it doesn't exist*
permissions 700 and $USER.$USER (this is why it has to run as
root at this point). If $USER exists then an error is returned. Once the
directory is created then root setuid is revoked and user-uid is assumed.

2. $HOME/gpilot

The daemon still has to run as root for a bit, but there aren't quota issues
or other possible denial of service issues.


                Bryan C. Andregg * <> * Red Hat Software

"So hang the brand-name ego at the door and think about what I'm saying" -
	Peter Da Silva

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]