From owner-freebsd-mobile Thu Oct 12 9:24:45 2000 Delivered-To: freebsd-mobile@freebsd.org Received: from light.imasy.or.jp (light.imasy.or.jp [202.227.24.4]) by hub.freebsd.org (Postfix) with ESMTP id E85AF37B502; Thu, 12 Oct 2000 09:24:38 -0700 (PDT) Received: (from uucp@localhost) by light.imasy.or.jp (8.11.0+3.3W/3.7W-light) with UUCP id e9CGOYs09517; Fri, 13 Oct 2000 01:24:34 +0900 (JST) (envelope-from ume@mahoroba.org) Received: from localhost (IDENT:7OMpQK0mp7/D6IphmGfrllRFA3AY/SkWZHB+8NLvVZj5EuUuW1tpjjL2+rbP8VIJ@peace.mahoroba.org [2001:200:301:0:200:f8ff:fe05:3eae]) by mail.mahoroba.org (8.11.1/8.11.1/chaos) with ESMTP/inet6 id e9CGMHV26636; Fri, 13 Oct 2000 01:22:17 +0900 (JST) (envelope-from ume@mahoroba.org) Date: Fri, 13 Oct 2000 01:22:16 +0900 (JST) Message-Id: <20001013.012216.59535885.ume@mahoroba.org> To: rwatson@FreeBSD.org Cc: freebsd-mobile@FreeBSD.org Subject: Re: pccardd UNP socket From: Hajimu UMEMOTO In-Reply-To: References: X-Mailer: xcite1.20> Mew version 1.95b38 on Emacs 20.7 / Mule 4.0 =?iso-2022-jp?B?KBskQjJWMWMbKEIp?= X-PGP-Public-Key: http://www.imasy.org/~ume/publickey.asc X-PGP-Fingerprint: 6B 0C 53 FC 5D D0 37 91 05 D0 B3 EF 36 9B 6A BC X-URL: http://www.imasy.org/~ume/ X-OS: FreeBSD 5.0-CURRENT Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-mobile@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >>>>> On Wed, 11 Oct 2000 22:54:37 -0400 (EDT) >>>>> Robert Watson said: rwatson> I've noticed that pccardd creates and uses a UNIX domain socket named rwatson> /var/tmp/.pccardd. While bind() does use NOFOLLOW in it's namei call, it rwatson> would probably be better to keep the socket in a well-known place, such as rwatson> /var/run, where other privileged daemons keep IPC sockets for their rwatson> control programs. I imagine this is straight forward to do (looks like rwatson> you just change the name in /usr/src/usr.bin/pccard/pccardd, and rwatson> presumably pccardc?). Shared temporary directories are the source of many rwatson> security problems, and reducing system dependence on them makes it easier rwatson> for sites to stop using them. With the advent of mandatory access control rwatson> policies due to TrustedBSD, it's conceivable that there might be (fear) rwatson> demand for multi-instantiated directories, in which case using /tmp, rwatson> /var/tmp, et al, for IPC will not work. Yes. While merging this feature from PAO3, I wondered it. This IPC socket is used to communicate pccardd with some PAO3 applications such as gxcardmon. pccardc is not related. I think /var/run is good place. Existing PAO3 applications suppose the location. So, I didn't change it. -- Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan ume@mahoroba.org ume@bisd.hitachi.co.jp ume@FreeBSD.org http://www.imasy.org/~ume/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-mobile" in the body of the message