Re: [Fish-users] Using fish without fishd

Mon, 17 Nov 2014 23:33:07 -0800 

On Sun, 16 Nov 2014, Mario Castelán Castro wrote:
> Is it possible to use fish without "fishd" even if it loses some 
> functionality?. Specifically, is it possible to configure "fish" so as 
> to not to start "fishd" and not to print an error message about lacking 
> "fishd"?.

On IRC, you mentioned that you weren't keen on running fishd because of 
the file it creates in /tmp being a potential security issue.

On versions predating 2.1.1, you are absolutely correct, and 2.1.1 was 
released to try and mitigate this. 2.1.1, and indeed even the versions 
without a fishd process in development, still require a file in /tmp which 
has a well-known path, and thus a potential denial-of-service issue 
exists. On systems which set up a proper XDG_RUNTIME_PATH, this is not a 
problem, but most do not.

The reason for avoiding a path in $HOME to use as a socket or FIFO path is 
that you simply can't guarantee it will work. Samba-mounted home 
directories, for example, don't work with FIFOs in my testing.

There was some discussion around a similar problem of denial-of-service by 
creating a named /tmp subdirectory for tmux - see the discussion at 
http://seclists.org/oss-sec/2014/q1/60 but it boils down to a) not 
preventing the functioning of the software and b) being user-visible and 
easy to work around.

Summary: All currently-released and active development versions of fish 
require a socket or FIFO path in /tmp.

Hope that helps.

David Adam
zanc...@ucc.gu.uwa.edu.au
------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk
_______________________________________________
Fish-users mailing list
Fish-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fish-users

Reply via email to