/tmp/fishd.socket.user permissions checking (CVE-2014-2905) #1436
In fixing this issue, I went with
I decided against manipulating umask, checking permissions or checking socket owners because none of those are guaranteed to be respected by the socket API - in particular, on Solaris, anyone can connect to a socket filename regardless of owner or file mode.
It has been pointed out that this probably isn't a sufficient fix; there is no verification that there is a fishd process at the other end, and so a symlink can be used to cause fish to talk the fish protocol to other sockets owned by the same user - such as a program which may not be expecting fish input.
I think, unfortunately, we are going to have to move the socket path, and I don't think there's any way of falling back to the old path securely, so this will require a restart of all running fish instances before universal variables work.
I dropped the ball on this a bit but I think it's time to get the fix out.
My plan at present is to move the socket path entirely, using a secure path like tmux, and give up on
The problem with moving the path is that it is possible to have two versions of
The options are:
added a commit
Aug 3, 2014
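The "secure path like tmux" idea from the comments above, sketched as a private per-user directory that is validated before any socket inside it is used. This is an added example, not code from the fish repository or from any participant in this thread; the function name `secure_socket_dir` and the demo paths are hypothetical, and it assumes the parent directory is sticky (like `/tmp`) or owned by the user.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create (or accept an existing) private directory to hold the socket.
 * Returns 0 only if `dir` is a real directory, owned by `uid`, with no
 * group/other permission bits. The socket file's own mode is never relied
 * on: as the thread notes, some platforms ignore it on connect(). */
int secure_socket_dir(const char *dir, uid_t uid)
{
    struct stat st;

    if (mkdir(dir, 0700) != 0 && errno != EEXIST)
        return -1;
    /* lstat, not stat: a symlink planted at this name must be rejected,
     * not followed to a directory that happens to pass the checks. */
    if (lstat(dir, &st) != 0)
        return -1;
    if (!S_ISDIR(st.st_mode))
        return -1;
    if (st.st_uid != uid)
        return -1;
    if ((st.st_mode & (S_IRWXG | S_IRWXO)) != 0)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed demo path: a fresh temp directory stands in for /tmp. */
    char base[] = "/tmp/sockdir-demo-XXXXXX";
    char dir[128];

    if (mkdtemp(base) == NULL)
        return 1;
    snprintf(dir, sizeof dir, "%s/fish-example.%ld", base, (long)getuid());
    printf("%s: %s\n", dir,
           secure_socket_dir(dir, getuid()) == 0 ? "ok" : "rejected");
    return 0;
}
```

Only after this check passes would the socket be bound or connected at a fixed name inside the directory, so access control rests on the directory's ownership and mode rather than on the socket file.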
Thanks zanchey, overall this looks very solid. Two suggestions: