Date: Wed, 11 Oct 2000 22:54:37 -0400 (EDT) From: Robert Watson <rwatson@FreeBSD.org> To: freebsd-mobile@FreeBSD.org Subject: pccardd UNP socket Message-ID: <Pine.NEB.3.96L.1001011225019.44391G-100000@fledge.watson.org>
next in thread | raw e-mail | index | archive | help
I've noticed that pccardd creates and uses a UNIX domain socket named /var/tmp/.pccardd. While bind() does use NOFOLLOW in it's namei call, it would probably be better to keep the socket in a well-known place, such as /var/run, where other privileged daemons keep IPC sockets for their control programs. I imagine this is straight forward to do (looks like you just change the name in /usr/src/usr.bin/pccard/pccardd, and presumably pccardc?). Shared temporary directories are the source of many security problems, and reducing system dependence on them makes it easier for sites to stop using them. With the advent of mandatory access control policies due to TrustedBSD, it's conceivable that there might be (fear) demand for multi-instantiated directories, in which case using /tmp, /var/tmp, et al, for IPC will not work. Thanks, Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-mobile" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1001011225019.44391G-100000>