From owner-freebsd-mobile Wed Oct 11 19:54:44 2000
Date: Wed, 11 Oct 2000 22:54:37 -0400 (EDT)
From: Robert Watson
To: freebsd-mobile@FreeBSD.org
Subject: pccardd UNP socket

I've noticed that pccardd creates and uses a UNIX domain socket named /var/tmp/.pccardd. While bind() does use NOFOLLOW in its namei call, it would probably be better to keep the socket in a well-known place, such as /var/run, where other privileged daemons keep IPC sockets for their control programs. I imagine this is straightforward to do (looks like you just change the name in /usr/src/usr.bin/pccard/pccardd, and presumably pccardc?).

Shared temporary directories are the source of many security problems, and reducing system dependence on them makes it easier for sites to stop using them. With the advent of mandatory access control policies due to TrustedBSD, it's conceivable that there might be (fear) demand for multi-instantiated directories, in which case using /tmp, /var/tmp, et al, for IPC will not work.

Thanks,

Robert N M Watson
robert@fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services