Bug#661627: Avoid /tmp ?

2012-03-02 Thread vladz
Julien, thank you for putting me back in CC. ;) On Thu, Mar 01, 2012 at 09:48:47PM +0100, Julien Cristau wrote: On Thu, Mar 1, 2012 at 12:39:41 -0800, Tim wrote: Note that the chown root:root $SOCKET_DIR also seems redundant to me (if we didn't already own it, we would have bigger

Bug#661627: Avoid /tmp ?

2012-03-02 Thread vladz
Oops, I forgot then in my last post: - if [ ! -O $SOCKET_DIR ]; + if [ ! -O $SOCKET_DIR ]; then I have attached a patch. Hope this helps. --- a/debian/x11-common.init 2010-09-04 19:26:52.0 +0200 +++ b/debian/x11-common.init 2012-03-02 13:37:29.0 +0100 @@ -26,16 +26,26 @@ fi
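
Review bot: in the corrected line 'if [ ! -O $SOCKET_DIR ]; then', the -O test follows symbolic links, so on its own it also passes when $SOCKET_DIR is a symlink whose target is owned by the invoking user. I would pair it with a '[ ! -h "$SOCKET_DIR" ]' check and quote $SOCKET_DIR inside the test. The hunk body after '@@ -26,16 +26,26 @@' is cut off here, so the rest of the patch cannot be reviewed from this page.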

Bug#661627: Avoid /tmp ?

2012-03-02 Thread Julien Cristau
On Fri, Mar 2, 2012 at 12:44:23 +0100, vladz wrote: Julien, thank you for putting me back in CC. ;) On Thu, Mar 01, 2012 at 09:48:47PM +0100, Julien Cristau wrote: On Thu, Mar 1, 2012 at 12:39:41 -0800, Tim wrote: Note that the chown root:root $SOCKET_DIR also seems redundant to me

Bug#661627: Avoid /tmp ?

2012-03-02 Thread Bernhard R. Link
* Bernhard R. Link brl...@debian.org [120302 15:56]: And I think if there is something else, it might make sense to try to move it away again and try to create it again. How about the following: # create a directory in /tmp. # assumes /tmp has a sticky bit set (or is only writeable by root)

Bug#661627: Avoid /tmp ?

2012-03-02 Thread Bernhard R. Link
* Julien Cristau jcris...@debian.org [120302 14:31]: I think the obsolete chown command should be removed (as Tim said), and also the chmod should be replaced by a single atomic operation (using mkdir -m). Those two things will avoid usages of dangerous commands and then, reduce TOCTTOU

Bug#661627: Avoid /tmp ?

2012-03-02 Thread vladz
On Fri, Mar 02, 2012 at 02:29:33PM +0100, Julien Cristau wrote: I'm not convinced the chown can be removed. And 'mkdir -m 1777 foo' is not any more atomic than 'mkdir foo && chmod 1777 foo'. The command mkdir -m calls the mkdir() syscall, and its second argument seems to be the mode. $

Bug#661627: Avoid /tmp ?

2012-03-02 Thread Julien Cristau
On Fri, Mar 2, 2012 at 20:20:11 +0100, vladz wrote: On Fri, Mar 02, 2012 at 02:29:33PM +0100, Julien Cristau wrote: I'm not convinced the chown can be removed. And 'mkdir -m 1777 foo' is not any more atomic than 'mkdir foo && chmod 1777 foo'. The command mkdir -m calls the mkdir()

Bug#661627: Avoid /tmp ?

2012-03-01 Thread Tim
As far as the short-term solution to this problem goes, how about this (untested)? if [ -e $SOCKET_DIR ] && [ ! -d $SOCKET_DIR ]; then mv $SOCKET_DIR $SOCKET_DIR.$$ || exit $? fi if [ ! -e $SOCKET_DIR ]; then mkdir $SOCKET_DIR || exit $? chown root:root $SOCKET_DIR chmod 1777

Bug#661627: Avoid /tmp ?

2012-03-01 Thread Julien Cristau
On Thu, Mar 1, 2012 at 11:55:29 -0800, Tim wrote: As far as the short-term solution to this problem goes, how about this (untested)? if [ -e $SOCKET_DIR ] && [ ! -d $SOCKET_DIR ]; then mv $SOCKET_DIR $SOCKET_DIR.$$ || exit $? fi if [ ! -e $SOCKET_DIR ]; then mkdir $SOCKET_DIR ||

Bug#661627: Avoid /tmp ?

2012-03-01 Thread Tim
Hi Julien, As far as the short-term solution to this problem goes, how about this (untested)? if [ -e $SOCKET_DIR ] && [ ! -d $SOCKET_DIR ]; then mv $SOCKET_DIR $SOCKET_DIR.$$ || exit $? fi if [ ! -e $SOCKET_DIR ]; then mkdir $SOCKET_DIR || exit $? chown

Bug#661627: Avoid /tmp ?

2012-03-01 Thread Julien Cristau
On Thu, Mar 1, 2012 at 12:39:41 -0800, Tim wrote: I think there is still a race in your version in the lines which look like: + mkdir $ICE_DIR 2>/dev/null || [ -d $ICE_DIR ] && ! [ -h $ICE_DIR ] mkdir will fail if the file already exists for any reason. After mkdir fails, it is possible

Bug#661627: Avoid /tmp ?

2012-03-01 Thread Tim
/etc/init.d/x11-common on boot should run before any unprivileged user has a chance to do anything (it's in rcS.d, and depends only on $local_fs), so it's less of a problem than initial package installation AFAICT. I'm not that familiar with the newer dependency boot sequencing, but I know

Bug#661627: Avoid /tmp ?

2012-02-29 Thread Tim
This appears to be a pretty serious problem. I agree, just dropping '-p' won't work for functional reasons. As a better long-term solution, have you considered just moving those directories out of /tmp? There's almost always a safer place to put temporary files/directories. For instance,

Bug#661627: Avoid /tmp ?

2012-02-29 Thread Bernhard R. Link
* Tim tim-deb...@sentinelchicken.org [120229 23:00]: As a better long-term solution, have you considered just moving those directories out of /tmp? Those are for sockets whose name is part of the interface to access them. So you cannot move them. And the directory itself needs to be

Bug#661627: Avoid /tmp ?

2012-02-29 Thread Tim
Hi Bernhard, As a better long-term solution, have you considered just moving those directories out of /tmp? Those are for sockets whose name is part of the interface to access them. So you cannot move them. And the directory itself needs to be world-writeable, so it is best placed