On Mon, May 05, 2008 at 08:47:52AM +0200, Francois Gouget wrote:
On Wed, 30 Apr 2008, Steven Elliott wrote:
I have some concerns about the location of the socket file that wineserver uses. Since by default the current location is in /tmp my concern is that anyone can stop anyone else from using wine just by creating a directory named /tmp/.wine-500.
[...]
In /tmp I see the following:
.X0-lock .X11-unix/ fgouget/ gconfd-fgouget/ vmware-fgouget/ xmms_fgouget.0
So it seems like if there is a malicious user Wine will not be the only application that will be affected. So the question is: are all these apps susceptible to DoS or do they avoid DoS somehow? And if they prevent DoS, how and is that technique applicable to Wine?
For gconfd-* gconfd2 creates secondary directories if one is present (and checks if its there).
.X11-unix/ is on suse created during install at least, so no problem.
No idea about the others.
Ciao, Marcus