Otto Moerbeek <o...@drijf.net> wrote:

> On Sat, Oct 21, 2023 at 10:40:45PM +0300, Kapetanakis Giannis wrote:
>
> > On 21/10/2023 20:39, Florian Obser wrote:
> > > Which was 8 years ago. I don't understand why you see a change in 7.4.
> > >
> > > Anyway, we decided to not clean up control sockets in any of our
> > > privsep daemons because leaving them behind does not cause any issues.
> >
> > I just noticed it today when I tried to use the socket in a script and
> > noticed that it stayed there even after shutdown and thought it was after 7.4
> > but I was wrong about that.
> >
> > Your commit made it that clear.
> >
> > Agree it's not a big case if it stays there.
> >
> > Would the unlink succeed if the socket was owned by _relayd?
> >
> > G
>
> Unlinking something requires write permissions to the directory it is in.
Which means an attacker who gains control, but otherwise can't do a bunch of other things because of the privsep design -- could still fill the directory and filesystem. So a few years ago we asked ourselves -- is the tradeoff worth it?
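The permission rule quoted above and the tradeoff it implies, shown as an added demonstration that is not part of this thread and not relayd's code: a control socket is bound in a directory, the directory's write bit is then dropped to mimic a daemon that has given up privileges, and the process tries both to unlink the socket and to drop a new file beside it. The socket name is a constructed placeholder.

```python
import errno
import os
import socket
import stat
import tempfile
from dataclasses import dataclass

EACCES = errno.EACCES  # exposed so callers can compare against the unlink(2) error


@dataclass
class Outcome:
    unlink_errno: int  # 0 if the socket could be unlinked, else the errno
    create_errno: int  # 0 if a new file could be created in the same directory


def running_as_root() -> bool:
    # root bypasses directory permission checks, so results differ under uid 0
    return os.geteuid() == 0


def _errno_of(fn) -> int:
    try:
        fn()
        return 0
    except OSError as e:
        return e.errno


def try_cleanup(dir_writable: bool) -> Outcome:
    """Bind a control socket, optionally drop directory write permission,
    then report whether unlink and file creation in that directory succeed."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "ctl.sock")  # constructed name, not a real socket path
        s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        s.bind(path)  # creates the socket file; needs write permission on d
        s.close()  # closing does not remove the file: it is left behind
        if not dir_writable:
            os.chmod(d, stat.S_IRUSR | stat.S_IXUSR)  # r-x: no write on the directory
        try:
            unlink_errno = _errno_of(lambda: os.unlink(path))
            # the same write bit that allows cleanup also allows filling the directory
            create_errno = _errno_of(lambda: open(os.path.join(d, "junk"), "x").close())
        finally:
            os.chmod(d, stat.S_IRWXU)  # restore so the temp directory can be removed
    return Outcome(unlink_errno, create_errno)
```

Without the write bit the unlink fails with EACCES even though the process created the socket; with it, both the cleanup and the unwanted file creation succeed.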