#56180 closed enhancement (fixed)
use subdir for trace mode socket
| Reported by: | jmroot (Joshua Root) | Owned by: | jmroot (Joshua Root) |
|---|---|---|---|
| Priority: | Normal | Milestone: | MacPorts 2.7.0 |
| Component: | base | Version: | |
| Keywords: | Cc: | ||
| Port: |
Description
Creating the socket in /tmp means any process can potentially open it. This is probably only a DoS vector, but still it's not hard to do better. We should put it inside a non-readable temp subdirectory so only processes that know the socket name can use it.
There's a comment in porttrace.tcl that suggests that not doing this is deliberate, but I suspect the author didn't fully understand the problem and how it's usually solved.
Change History (2)
comment:1 Changed 4 years ago by jmroot (Joshua Root)
| Owner: | set to jmroot |
|---|---|
| Resolution: | → fixed |
| Status: | new → closed |
comment:2 Changed 4 years ago by jmroot (Joshua Root)
| Milestone: | → MacPorts 2.7.0 |
|---|
Note: See
TracTickets for help on using
tickets.
In 3f248bd82a7e689fd80ee658f9e981ac0912b1d0/macports-base (master):