[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Speech Dispatcher 0.7 Beta -- Please help with testing
|
From: |
Samuel Thibault |
|
Subject: |
Speech Dispatcher 0.7 Beta -- Please help with testing |
|
Date: |
Wed, 28 Apr 2010 01:07:12 +0200 |
trev.saunders at gmail.com, le Tue 27 Apr 2010 14:30:39 -0400, a ?crit :
> THere is a rather large local security problem with your use of unix sockets.
> It is very easy for a local hostile user to cause a denial of service,
> because you put the unix sockets in a world readable place with *very*
> predictable names. They are so predictable because a the only thing that the
> attacker has to gues is the UID of the user, and because UID's for standard
> users start at 1000, and are assigned in order, the attacker would only have
> to create say 100 files, wich with a simple shell script is trivial.
That's actually not really new, compared to the previous TCP/IP
approach.
The place (or port number) has to be well-known for applications to be
able to connect to it anyway, so any security layer needs to be added
after connection.
Samuel
- Speech Dispatcher 0.7 Beta -- Please help with testing, Hynek Hanke, 2010/04/27
- Speech Dispatcher 0.7 Beta -- Please help with testing, trev . saunders, 2010/04/27
- Speech Dispatcher 0.7 Beta -- Please help with testing,
Samuel Thibault <=
- Speech Dispatcher 0.7 Beta -- Please help with testing, Hynek Hanke, 2010/04/28
- Speech Dispatcher 0.7 Beta -- Please help with testing, trev . saunders, 2010/04/28
- Speech Dispatcher 0.7 Beta -- Please help with testing, A, 2010/04/28
- Speech Dispatcher 0.7 Beta -- Please help with testing, Hynek Hanke, 2010/04/28
- Speech Dispatcher 0.7 Beta -- Please help with testing, trev . saunders, 2010/04/28
[orca-list] Speech Dispatcher 0.7 Beta -- Please help with testing, Mgr . Janusz Chmiel, 2010/04/27