Re: /tmp/.ICE-unix



On 16Sep2001 11:37PM (-0400), Havoc Pennington wrote:
> 
> Seth Aaron Nickell <snickell Stanford EDU> writes: 
> > Printing the data out to the commandline is also a silly approach. If this 
> > represents a significant security violation, it should pop up a dialogue 
> > warning the user, and offer to fix it (of course prompting for a root 
> > password). 
> > 
> > I've seen this on too many systems for exit(1) to be a viable option. 
> > That's a cop-out.
> 
> What would the dialog say? "Hi. Some weird permissions are mangled on
> some weird file resulting in ICE authentication insecurity. Please
> give your root password to do something you don't understand." ;-)
> 
> I don't think so. If it's a security issue (and I think it probably is
> - whoever owns the dir can delete everyone else's ICE sockets), then
> it's a cop-out if we ever let the situation arise. I think we've let
> it arise because people haven't noticed the message or didn't think it
> was important, because it doesn't fatally crash. This is an assertion
> failure, in other words, it's not an expected error condition. At
> least that's my interpretation. I would have put maybe a
> g_assert_not_reached() in this spot, not sleep (5). It represents a
> system bug.

A filesystem condition should never be an assertion failure. It should
always result in an error message explaining what's wrong, and ideally
how to fix it (possibly followed by exiting if the error is not
recoverable, although it's better to degrade gracefully or fix the
problem). The filesystem should be considered untrusted external data.

I have no opinion on the rest of your message (about how to get the
permissions right) because I don't know much about this specific
issue.

Regards,

Maciej