Opened 2 years ago

#56180 new enhancement

use subdir for trace mode socket

Reported by: jmroot (Joshua Root) Owned by:
Priority: Normal Milestone:
Component: base Version:
Keywords: Cc:
Port:

Description

Creating the socket in /tmp means any process can potentially open it. This is probably only a DoS vector, but still it's not hard to do better. We should put it inside a non-readable temp subdirectory so only processes that know the socket name can use it.

There's a comment in porttrace.tcl that suggests that not doing this is deliberate, but I suspect the author didn't fully understand the problem and how it's usually solved.

Change History (0)

Note: See TracTickets for help on using tickets.