2010/6/11 Guido Berhoerster <[email protected]>

> * dgod <[email protected]> [2010-06-11 03:42]:
> > > Firstly, the socket is created in /tmp with a well known name
> > > allowing for a simple DOS attack, any user can just mkdir
> > > /tmp/lxdm.sock and lxdm won't start any more.
> > >
> > > Secondly, it does try to unlink before binding the socket which
> > > leads to a race condition creating another possibility for DOS
> > > attacks.
> > >
> >
> > Maybe moving lxdm.sock to the /var/run path would be helpful? Or just use an
> > anonymous socket?
>
> Well yeah, any directory which is owned and only writable to
> root. If you're not coming from a Unix background please read up
> on the Unix filesystem permissions model.


I'll look into dbus to see how he can.


> > >
> > > Thirdly, the socket is created world writable so any user can
> > > just delete it anyway.
> > >
> > I want to make it writable by anyone, so make it anonymous too? Or maybe
> > another method?
>
> Why would you want to do that?
>
A user in a session should be able to send a user switch command to lxdm.


>
> > > Avoiding this is Unix system programming 101 so my only
> > > suggestion (as I have stated before) is to use an anonymous pipe
> > > for signal handling (i.e. the self-pipe trick) and get rid of the
> > > socket altogether.  For IPC there are better methods such as
> > > DBus.  While I acknowledge that the code is under development,
> > > stuff like this should IMO never go into a public repository.
> > >
> > Using a pipe will take two file descriptors, and as glib's child watch code
> > already introduces the two pipes and a
> > thread, I don't think they are good.
>
> I don't see the problem with that approach, it is used by many
> glib/gtk applications even GDM. Have a look at GDM's signal
> handling code if you need some inspiration on how to implement
> this.
>
It's not a problem, but it's just a waste of memory, even if it's the normal way
everyone else does it.


> > I don't want to depend on dbus; lxdm's goal is to work with no dependency
> > that is not necessary.
>
> DBus is nowadays a low-level dependency (whether one likes it or
> not).
>
That's others depending on it, not lxdm. I just choose things with fewer
dependencies.
That's the reason I use lxde.

--
> Guido Berhoerster
>