Re: ORBit2 problem with /tmp

From: Michael Meeks <michael ximian com>
To: Frederic Crozat <fcrozat mandrakesoft com>
Cc: orbit <orbit-list gnome org>
Subject: Re: ORBit2 problem with /tmp
Date: 27 Aug 2002 14:31:06 +0100

On Tue, 2002-08-27 at 10:10, Frederic Crozat wrote:
> This is a forward of a mail I sent to Michael yesterday.

	My reply is in-line.

Hi Frederic,

On Mon, 2002-08-26 at 18:21, Frederic Crozat wrote:
> as part of our tests for Mandrake 9.0, we have discovered that ORBit2
> doesn't work correctly (it crashes) when a Mandrake system is set to
> security level 5 (a lot of things are not permitted for normal
users..)

        Fair enough.

> After some investigations, it seems ORBit2 doesn't like at all when
/tmp
> is not readable by everyone (security level 5 enforces /tmp not
readable
> by users).. 

        Oh; hmm.

> I've look quickly to ORBit2 code and it seems the scan_socket_dir is
the
> guilty method.. Since I'm not sure how to fix this problem cleanly (ie
> without regression in ORBit behavior), I prefer to ask you :)

        Ok - the reason it scans the directory is this:

        a) We used to use /tmp/orbit-$USER
        b) It's possible to create that directory, and it not be owned
           by the user, thus total denial of service for Gnome stuff.
        c) So, we need to scan and create iterative random directories
           until we get one with the right permissions, also - it's 
           vital that all other apps share this same directory.

        So - in order to stop a race condition, and communicate the new
name to
avoid a denial of service (still present in the 1.4 stuff) - we have to
do the scan.

        There are a couple of possible solutions:

        a) Write some code for linc/ORBit2 to use the 'virtual' unix 
           socket namespace, this would be neater for cleanup, but we 
           can't rely on the unix permissions at bind time - so we'd 
           have to add some user authentication stuff - which would be
           good anyway.

        b) Bin the denial of service workaround stuff - you'll still be
           vulnerable, but ... [ perhaps you can do this - only in 
           security level 5 (looks like an own goal there) ]

        apart from that I'm pretty stuck; Dick can help you with a)
there was a
bug filed against it, but  think it might be filed against ORBit instead
of ORBit2 - so I'm not seeing it ;-)

        HTH,

                Michael.


-- 
 mmeeks@gnu.org  <><, Pseudo Engineer, itinerant idiot

Follow-Ups:
- Re: ORBit2 problem with /tmp
  - From: Frederic Crozat

References:
- ORBit2 problem with /tmp
  - From: Frederic Crozat

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]