On Sat, Sep 03, 2011 at 12:07:59PM +0200, Ansgar Burchardt wrote:
> David Bremner <brem...@unb.ca> writes:
> You can have a symlink to a socket somewhere else which can then have a
> random name.  In case the real socket is in a world-writable directory,
> you also need to check that it is still your socket and was not replaced
> later (for example an attacker could recreate the socket after /tmp was
> cleaned on reboot).  At least Chromium, Akonadi and KDE do this.

That's the approach I wanted to take, as this was the only threat I could
imagine. So, I'll simply check the ownership. I'll release a new version with
that. The patch should be simple.

Thank you,
Lluís.
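The ownership check discussed in this thread, as an added example that is not part of the original message or of the project's code: the client follows the symlink with `stat()` and accepts the target only if it is a socket owned by the expected user. The names `socket_owned_by` and `demo_check` and the `/tmp/sockdemo.*` fixture are constructed for illustration.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* 1: path (symlinks followed) is a Unix socket owned by uid;
 * 0: not a socket, or owned by someone else; -1: stat() failed. */
int socket_owned_by(const char *path, uid_t uid)
{
    struct stat st;

    if (stat(path, &st) != 0)
        return -1;
    if (!S_ISSOCK(st.st_mode))
        return 0;
    return st.st_uid == uid;
}

/* Constructed fixture: bind a socket under a random directory name, point a
 * symlink at it, run the check through the symlink, then clean up. */
int demo_check(uid_t uid)
{
    char dir[] = "/tmp/sockdemo.XXXXXX", link[64];
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    int fd, result = -1;

    if (!mkdtemp(dir))                 /* directory is created mode 0700 */
        return -1;
    snprintf(sa.sun_path, sizeof sa.sun_path, "%s/real", dir);
    snprintf(link, sizeof link, "%s/link", dir);
    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd >= 0 && bind(fd, (struct sockaddr *)&sa, sizeof sa) == 0 &&
        symlink(sa.sun_path, link) == 0)
        result = socket_owned_by(link, uid);
    if (fd >= 0)
        close(fd);
    unlink(link);
    unlink(sa.sun_path);
    rmdir(dir);
    return result;
}

int main(void)
{
    printf("own uid: %d\n", demo_check(geteuid()));
    printf("other uid: %d\n", demo_check(geteuid() + 1));
    printf("directory: %d\n", socket_owned_by("/tmp", geteuid()));
    return 0;
}
```

The check runs before `connect()`, so the path can still change between the two calls; placing the real socket in a directory only its owner can write, as the fixture does with `mkdtemp()`, removes that window.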

