wineserver socket file and DOS attacks

[Maarten Lankhorst]

Hell Ove,

2008/4/30 Ove Kaaven <ovek at arcticnet.no>:
> Maarten Lankhorst skrev:
>
>
> > The latter won't work, they could create the directory and then delete
> > it after wineserver started. I don't think it is really a problem, by
> > the time someone else can put that directory in /tmp chances are that
> > they can do a lot more malicious things then just making Wine refuse
> > to run.
> >
>
>  Like what? The UNIX user/permission system, including the sticky bit used
> on /tmp, is supposed to protect local users against each other, but this is
> contingent on files created in /tmp using unique names (like what mktemp
> generates). There's very little else malicious people can do if the system
> is otherwise properly set up in a secure fashion, and this socket-in-/tmp
> thing sounds like a quite legitimate concern.
Wine checks ownership of the socket and directory, so race conditions
aren't really a problem. This means that despite being put in a public
directory there is no chance of a race condition. I don't see a
security risk here, if someone is evil they could create that
directory so wine wouldn't run, but that harm is only restricted to
'wine does not start'.

Cheers,
Maarten.