speechd-discuss
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Speech Dispatcher 0.7 Beta -- Please help with testing


From: Samuel Thibault
Subject: Speech Dispatcher 0.7 Beta -- Please help with testing
Date: Wed, 28 Apr 2010 01:07:12 +0200

trev.saunders at gmail.com, le Tue 27 Apr 2010 14:30:39 -0400, a ?crit :
> THere is a rather large local security problem with your use of unix sockets. 
>  It is very easy for a local hostile user to cause a denial of service, 
> because you put the unix sockets in a world readable place with *very* 
> predictable names.  They are so predictable because a the only thing that the 
> attacker has to gues is the UID of the user, and because UID's for standard 
> users start at 1000, and are assigned in order, the attacker would only have 
> to create say 100 files, wich with a simple shell script is trivial.

That's actually not really new, compared to the previous TCP/IP
approach.

The place (or port number) has to be well-known for applications to be
able to connect to it anyway, so any security layer needs to be added
after connection.

Samuel



reply via email to

[Prev in Thread] Current Thread [Next in Thread]