[MacPorts] #56180: use subdir for trace mode socket
MacPorts
noreply at macports.org
Thu Mar 29 14:09:37 UTC 2018
#56180: use subdir for trace mode socket
-------------------------+-----------------
Reporter: jmroot | Owner:
Type: enhancement | Status: new
Priority: Normal | Milestone:
Component: base | Version:
Keywords: | Port:
-------------------------+-----------------
Creating the socket in /tmp means any process can potentially open it.
This is probably only a DoS vector, but still it's not hard to do better.
We should put it inside a non-readable temp subdirectory so only processes
that know the socket name can use it.
There's a comment in porttrace.tcl that suggests that not doing this is
deliberate, but I suspect the author didn't fully understand the problem
and how it's usually solved.
--
Ticket URL: <https://trac.macports.org/ticket/56180>
MacPorts <https://www.macports.org/>
Ports system for macOS
More information about the macports-tickets
mailing list