On Tue, Aug 04, 2009 at 09:52:23AM -0500, Boyd Stephen Smith Jr. wrote: > In <[email protected]>, Alexander Inyukhin wrote: > >Socket permissions are controlled by umask, but if security > >matters, a more sophisticated way of managing sockets should be used. > >Since task-spooler is intented for use in single user environment, > >I do not think this is a serious issue. > > Unfortunately, Debian is not limited to use as a single-user environment so > you may need to revisit the security implications. At the very least, you > may want to warn the administrator that it is not suitable for multi-user > environments. > > Any reason task-spooler can't secure it's sockets the same way ssh-agent > and/or gpg-agent secure theirs?
Actually, it can. It is just not the default behavior. User may override socket location via environment variables TMPDIR or TS_SOCKET. As with gpg-agent, this requires additional setup. Creating socket with predefined name in user's home directory seems to be a better choice. Is there any policy rules about socket naming? -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

