----- Original Message -----
> On 02/20/2014 05:56 PM, Nathan Scott wrote:
> >
> > ----- Original Message -----
> >> [...]
> >> To secure pmlogger across AF_UNIX, it's not enough to put the sockets
> >> into variously owned directories. /var/lib/pcp/tmp is currently
> >> world-readable, and the socket's own permissions may or may not be
> > It's /var/lib/pcp/tmp/pmlogger though, isn't it? We could install that 770
> > with no trouble, nowadays, I think...? (and likewise for pmie)
> >
> I've currently got the system-wide socket being created in /var/run/pcp
> (same location as the pmcd socket) as
Aha, good point - I missed that & thought it was located with the port
map files.
> /var/run/pcp/pmlogger.<pid>.socket. I figured that the sockets should
> all be in the same location.
*nod*
> If the system-wide one stays where it is, and you want the user level
> hierarchy to match the system-wide one, then the user level socket
> would then go into ~/.pcp/run/pmlogger.<pid>.socket, I suppose.
Yes, that sounds like a better option.
> If you want the system-wide socket to go into /var/lib/pcp/tmp/pmlogger,
> then they would become /var/lib/pcp/tmp/pmlogger/<pid>.socket and
> ~/.pcp/tmp/pmlogger/<pid>.socket respectively.
I don't like that option anymore, 20/20 hindsight. :)
> It doesn't matter to me. This is all encapsulated into
> __pmLogLocalSocketDefault() and __pmLogLocalSocketUser() and can be
> changed easily.
OK.
> I'm on vacation starting this afternoon and not returning until Friday
> Feb 28. I'll push what I have and you can change/merge/ignore it in the
> meantime.
Thanks Dave - I hope to take a closer look today. Have a great holiday!
cheers.
--
Nathan