Path: utzoo!utgpu!watmath!uunet!tut.cis.ohio-state.edu!morgan.com!frank From: frank@morgan.com (Frank Wortner) Newsgroups: gnu.emacs Subject: Re: Socket created by emacsclient server Message-ID: <8811091441.AA06440@s2.Morgan.COM> Date: 9 Nov 88 14:41:26 GMT Sender: daemon@tut.cis.ohio-state.edu Distribution: gnu Organization: GNUs Not Usenet Lines: 34 >Unix-domain sockets, just like Internet sockets, need listeners in order >to be used by any client. If there is an existing socket with protection >777 in your home directory, some server process may be able to use that >as the binding for its Unix-domain socket, but all a client using this >socket will have access to is whatever that server process gives it. That is still not an excuse for a program to leave an unused socket lying around. If a sort program failed to remove temporary files after the program finished using them, most people would judge that the program had a bug. Any utility should take care to remove and/or release resouces it no longer needs. >So unless you run a server that opens a shell to clients using that >socket, or root does, there is no security problem (if you happen to care Yet another thing root *shouldn't* do! What's the point of having a "super user" if (s)he has to remember not to: 1) have "." in the current search path; 2) run emacs servers ; 3) etc., ad nauseum ... :-) >about those, which most non-paranoid people don't). I don't think the label "paranoid" applies here, but if you want to use it, then I'm afraid that most computer installations are "paranoid" to one extent or another. Dismissing concern about the security and safety of data (which often represents much hard work) as "paranoia" just does not wash. Whether or not this particular problem proves to be a true risk (and that has not bee proven or disproven), it is a concern of an individual. That person deserves an answer, not an implied diagnosis of a psychological problem. Frank Now that I'm climbing off the soapbox, I hope no one in the audience brought any rotten vegetables.