Speech Dispatcher 0.7 Beta -- Please help with testing
From: trev . saunders
Subject: Speech Dispatcher 0.7 Beta -- Please help with testing
Date: Tue, 27 Apr 2010 14:30:39 -0400
Hi,
There is a rather large local security problem with your use of unix sockets.
It is very easy for a local hostile user to cause a denial of service, because
you put the unix sockets in a world readable place with *very* predictable
names. They are so predictable because the only thing that the attacker has
to guess is the UID of the user, and because UIDs for standard users start at
1000, and are assigned in order, the attacker would only have to create say 100
files, which with a simple shell script is trivial.
Trev