Opened 7 years ago

Closed 4 years ago

Last modified 4 years ago

#56180 closed enhancement (fixed)

use subdir for trace mode socket

Reported by: jmroot (Joshua Root) Owned by: jmroot (Joshua Root)
Priority: Normal Milestone: MacPorts 2.7.0
Component: base Version:
Keywords: Cc:
Port:

Description

Creating the socket in /tmp means any process can potentially open it. This is probably only a DoS vector, but still it's not hard to do better. We should put it inside a non-readable temp subdirectory so only processes that know the socket name can use it.

There's a comment in porttrace.tcl that suggests that not doing this is deliberate, but I suspect the author didn't fully understand the problem and how it's usually solved.

Change History (2)

comment:1 Changed 4 years ago by jmroot (Joshua Root)

Owner: set to jmroot
Resolution: fixed
Status: newclosed

In 3f248bd82a7e689fd80ee658f9e981ac0912b1d0/macports-base (master):

Put trace mode socket in a subdir

Closes: #56180

comment:2 Changed 4 years ago by jmroot (Joshua Root)

Milestone: MacPorts 2.7.0
Note: See TracTickets for help on using tickets.