Danek Duvall wrote:
On Tue, Apr 07, 2009 at 05:33:26PM +0100, jmr wrote:
You want this dbus session bus id to be shared by any instances of PM or
UM being run by root, so it needs to be located under /var/tmp. If its
put under a unique dir for each instance of PM or UM then it can't be
shared across the session, which is not the desired behavior.
Doesn't that imply that the name of the file is predictable? If so,
what happens if the file is already there and owned by someone else?
Seems like a vector ripe for attack.
The file is unique for the dbus session for that user on that machine:
~/.dbus/session-bus/9a0ea08dce46c0ecf3f16aa348525c34-0
So how can it be shared?
Its shared by running dbus as the user. Dbus manages it the user doesn't.
You should also probably test whether or not $HOME is writable, not what
the current uid is. Write a test file and remove it if you were
successful. Ideally, catch whatever exception gets thrown by gtk or dbus
or whatever when it tries to write the socket, and try again with a reset
$HOME.
Nope - we do not want root to write to the user's $HOME dir, even if root
can, as it will stamp on any user dbus session owned by the user and
possibly being used by other apps. We need to set $HOME for root only so we
write to root's home dir if specified or /var/tmp if not. If root can't
write to its own home dir then we fall back sensibly on the gconf access
failures.
What if I'm su'ed to another user?
We are running PM and UM with pfexec from the menu, to be functional you
need to run them as root. This is what this fix is about.
Can you explain the scenario that is of concern.
Danek
_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
