Closed Bug 54267 Opened 24 years ago Closed 23 years ago

Linux: users can deny PSM to other users

Categories

(Core :: Security: PSM, defect, P3)

Product:
Core
Component:
Security: PSM
Version:
1.0 Branch
Platform:
x86
Linux
Type:
defect

Tracking

()

Status:
VERIFIED WONTFIX

People

(Reporter: tenthumbs, Assigned: ddrinan0264)

Details

Since PSM uses unix-domain sockets on Linux and it uses fixed names it is
possible for userA to create /tmp/.nsmc-$userBuid and userB cannot user PSM
because userB's Mozilla can neither remove the file nor create a socket with
another name. Very bad.
Here are some possible fixes. they all have problems of one kind or
another.

1) Put the socket in the user's profile directory. That won't work
because struct sockaddr_un only has space for 104 bytes worh of path
name. The user's profile might well be deeper.

2) Pass a temp name as a commmand line argument to psm. The bad part is
that the name would be visible to a "ls." The good part is that the old
Mozilla Classic, nee 4.x, dns helper app has functioning code to get
around this.

3) Pass a temp name in an environment variable. That would be visible in
/proc but only to the user and root.

4) Use socketpair. I have no idea how portable this would be but it does
work on Linux. It would mean changing the way psm starts (I think) but
it might be worth it.
Version: 1.01 → 1.2
Changing QA contact to nitinp
QA Contact: lord → nitinp
Reassigning to ddrinan.
Assignee: lord → ddrinan
QA Contact: nitinp → junruh
Marking wontfix. This no longer seems to be a problem with PSM 2.0.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → WONTFIX
then it shoudl be marked fixed.
Verified.
Status: RESOLVED → VERIFIED
Product: PSM → Core
Version: psm1.2 → 1.0 Branch
You need to log in before you can comment on or make changes to this bug.