some people at debian were arguing that there can be security problems having a
unix socket in /tmp/socket-ts.UID. They talk about having one or other
permissions to the file.
What I did was to respect the users 'umask', which I think should determine the
security of file or socket creation. The debian people would prefer something
more restricted, and not in /tmp.
Nevertheless, I realised that although the socket, once created, cannot be
touched by anyone else... yes there is a threat when a user never run ts before
or killed the ts daemon and does not have the socket file in /tmp.
Anyone could create the file, and ts would connect to that socket.
So, although I'd keep the behaviour for $TS_SOCKET, I think of adding
file-owner checks for the default (lack of TS_SOCKET defined).
Do you think this will be enough? Or someone understands why /tmp is a bad
place, or why shouldn't ts respect the umask?
I'd prefer to keep /tmp, as for some embedded systems, /tmp lies on tmpfs and ~
in flash, so for me it looks nicer to put things on /tmp.
Regards,
Llu�s.