Closed Bug 54267 Opened 25 years ago Closed 24 years ago

Linux: users can deny PSM to other users

Categories

(Core :: Security: PSM, defect, P3)

Product:
Core
Component:
Security: PSM
Version:
1.0 Branch
Platform:
x86
Linux
Type:
defect

Tracking

()

Status:
VERIFIED WONTFIX

People

(Reporter: tenthumbs, Assigned: ddrinan0264)

Details

Since PSM uses unix-domain sockets on Linux and it uses fixed names it is possible for userA to create /tmp/.nsmc-$userBuid and userB cannot user PSM because userB's Mozilla can neither remove the file nor create a socket with another name. Very bad.
Here are some possible fixes. they all have problems of one kind or another. 1) Put the socket in the user's profile directory. That won't work because struct sockaddr_un only has space for 104 bytes worh of path name. The user's profile might well be deeper. 2) Pass a temp name as a commmand line argument to psm. The bad part is that the name would be visible to a "ls." The good part is that the old Mozilla Classic, nee 4.x, dns helper app has functioning code to get around this. 3) Pass a temp name in an environment variable. That would be visible in /proc but only to the user and root. 4) Use socketpair. I have no idea how portable this would be but it does work on Linux. It would mean changing the way psm starts (I think) but it might be worth it.
Version: 1.01 → 1.2
Changing QA contact to nitinp
QA Contact: lord → nitinp
Reassigning to ddrinan.
Assignee: lord → ddrinan
QA Contact: nitinp → junruh
Marking wontfix. This no longer seems to be a problem with PSM 2.0.
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → WONTFIX
then it shoudl be marked fixed.
Verified.
Status: RESOLVED → VERIFIED
Product: PSM → Core
Version: psm1.2 → 1.0 Branch
You need to log in before you can comment on or make changes to this bug.