Hello Steven,
2008/4/30 Steven Elliott selliott4@austin.rr.com:
I have some concerns about the location of the socket file that wineserver uses. Since by default the current location is in /tmp my concern is that anyone can stop anyone else from using wine just by creating a directory named /tmp/.wine-500.
As far as I know the only risk is denial of service in nature since wine seems to be smart enough to make sure the /tmp/.wine-500 is owned by the user invoking the wine application:
    > notepad
    wineserver: /tmp/.wine-500 is not owned by you
Previously the socket file was under ~/.wine. I found this which briefly documents the change here: http://www.winehq.org/site/docs/winedev-guide/x2584 under section "7.3.2. The Wine server" it says:
"In earlier versions of Wine the master socket mentioned above was actually created in the configuration directory; either your home directory's /wine subdirectory or wherever the WINEPREFIX environment variable points. Since that might not be possible the socket is actually created within the /tmp directory with a name that reflects the configuration directory."
/tmp/.wine-<user Id> is hard coded in libs/wine/config.c, so that aspect of the socket file location is not configurable.
Anyway, have alternatives such as the following been considered?:
- Create the socket file in ~/.wine (or wherever WINEPREFIX points) like wine used to if the user's home directory exists and is writable. Use /tmp/.wine-<user Id> as a fallback.
- Append some additional integer to /tmp/.wine-<user Id> that is incremented if that directory already exists and is owned by someone else. For example, if /tmp/.wine-500 already exists for user 500 but is owned by someone else then both wineserver and the wine application would append "-1" and then keep incrementing:
    /tmp/.wine-500
    /tmp/.wine-500-1
    /tmp/.wine-500-2
The latter won't work, they could create the directory and then delete it after wineserver started. I don't think it is really a problem, by the time someone else can put that directory in /tmp chances are that they can do a lot more malicious things than just making Wine refuse to run.
Cheers, Maarten.
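Added example, not part of the original message and not Wine's own code: a minimal C sketch of the create-then-verify check that produces the "is not owned by you" refusal discussed in the thread. The function name, result codes and the /tmp/.example-<uid> path are assumptions, and the symlink and permission-bit checks go slightly beyond the ownership check quoted above.

```c
#define _XOPEN_SOURCE 700   /* for lstat() under strict -std= modes */
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Result codes are hypothetical names chosen for this example. */
enum dir_status { DIR_OK, DIR_NOT_OWNED, DIR_NOT_DIR, DIR_BAD_MODE, DIR_ERROR };

/* Create the per-user directory if it is missing, then verify that whatever
 * is at `path` is a real directory, owned by `uid`, closed to group/other. */
enum dir_status check_private_dir(const char *path, uid_t uid)
{
    struct stat st;

    /* EEXIST is expected: someone (maybe another user) got there first. */
    if (mkdir(path, 0700) == -1 && errno != EEXIST)
        return DIR_ERROR;
    /* lstat, not stat, so a planted symlink is reported, not followed. */
    if (lstat(path, &st) == -1)
        return DIR_ERROR;
    if (!S_ISDIR(st.st_mode))
        return DIR_NOT_DIR;
    if (st.st_uid != uid)
        return DIR_NOT_OWNED;   /* the denial-of-service case from the thread */
    if (st.st_mode & (S_IRWXG | S_IRWXO))
        return DIR_BAD_MODE;    /* extra check assumed for this example */
    return DIR_OK;
}

int main(void)
{
    char path[64];

    /* Constructed path; mirrors the /tmp/.wine-<uid> naming scheme only. */
    snprintf(path, sizeof(path), "/tmp/.example-%lu", (unsigned long)getuid());
    switch (check_private_dir(path, getuid())) {
    case DIR_OK:        printf("%s is usable\n", path); return 0;
    case DIR_NOT_OWNED: fprintf(stderr, "%s is not owned by you\n", path); break;
    case DIR_NOT_DIR:   fprintf(stderr, "%s is not a directory\n", path); break;
    case DIR_BAD_MODE:  fprintf(stderr, "%s is accessible by others\n", path); break;
    default:            perror(path);
    }
    return 1;
}
```

The check refuses to use a squatted directory instead of trusting it, which is why the exposure described in the thread is limited to denial of service.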