#662: "Failed to create secure directory" when .pulse is a symlink ---------------------+------------------------------------------------------ Reporter: elitak | Owner: lennart Type: defect | Status: reopened Milestone: | Component: pavucontrol Resolution: | Keywords: ---------------------+------------------------------------------------------ Changes (by prakisk):
* status: closed => reopened * resolution: invalid => Comment: Replying to [comment:3 lennart]: > Replying to [comment:2 elitak]: > > Whether it's the correct behavior or not, this is a big concern for usability. > > Usability? What does ~/.pulse have to do with usability? > > > If launched from a gnome desktop shortcut, the app gives no indication that there's a problem and doesn't even terminate. There should at least be a dialog box that the user must dismiss. Flag this ticket as an enchancement or retitle it, perhaps? > > Uh. PA is a session service, it should be run from the XDG autostart dir, not via some desktop shortcut. It should generally be invisible to the user. Also, what does that have to do with ~/.pulse not being allowed to be a symlink? > > > Also, I don't understand how disallowing intermediate links to the .pulse directory makes anything more secure, but then I certainly don't have anything close to the whole picture. I'll just have to take your word on it, unless you'd care to explain? > > If you have a chain of symlinks and only verify the access mode of the final destination but some evildoer has write access to the dir one of the intermediate symlinks is located in he might redirect replace that symlink to some spot that is not safe. If we'd go and verify each step of the symlink chain we could detect that, however that would be very ugly and -- what's worse -- racy, since we cannot atomically check the whole chain. So, to fix this we simply make sure .pulse is not a symlink in the first place. > > Also, I cannot see at all why you'd want to make .pulse a symlink in the first place. Just because you don't see a reason doesn't mean there's no valid reason. and just because you don't agree with it, doesn't mean it's invalid. Your efforts to secure things are noble, but i think this is misplaced. Not allowing symlinks is a bug. Please fix. thanks. prakisk -- Ticket URL: <http://pulseaudio.org/ticket/662#comment:4> PulseAudio <http://pulseaudio.org/> The PulseAudio Sound Server _______________________________________________ pulseaudio-tickets mailing list pulseaudio-tickets@mail.0pointer.de https://tango.0pointer.de/mailman/listinfo/pulseaudio-tickets