On Mon, May 05, 2008 at 08:47:52AM +0200, Francois Gouget wrote:
On Wed, 30 Apr 2008, Steven Elliott wrote:
I have some concerns about the location of the socket file that wineserver uses. Since by default the current location is in /tmp my concern is that anyone can stop anyone else from using wine just by creating a directory named /tmp/.wine-500. [...]
In /tmp I see the following:
.X0-lock .X11-unix/ fgouget/ gconfd-fgouget/ vmware-fgouget/ xmms_fgouget.0
So it seems like if there is a malicious user Wine will not be the only application that will be affected. So the question is: are all these apps susceptible to DoS or do they avoid DoS somehow? And if they prevent DoS, how and is that technique applicable to Wine?
For gconfd-* gconfd2 creates secondary directories if one is present (and checks if its there). .X11-unix/ is on suse created during install at least, so no problem. No idea about the others. Ciao, Marcus