On 02/20/2014 05:56 PM, Nathan Scott wrote:
----- Original Message -----
[...]
To secure pmlogger across AF_UNIX, it's not enough to put the sockets
into variously owned owned directories. /var/lib/pcp/tmp is currently
world-readable, and the socket's own permissions may or may not be
Its /var/lib/pcp/tmp/pmlogger though isn't it? We could install that 770
with no trouble, nowadays, I think...? (and likewise for pmie)
I've currently got the system-wide socket being created in /var/run/pcp
(same location as the pmcd socket) as
/var/run/pcp/pmlogger.<pid>.socket. I figured that the sockets should
all be in the same location. Currently the user level socket is created
as ~/.pcp/pmlogger/pmlogger.<pid>.socket.
If the system-wide one stays where it is, and you want the user level
hierarchy to match the systen-wide one, then then the user level socket
would then go into to ~/.pcp/run/pmlogger.<pid>.socket, I suppose.
If you want the system-wide socket to go into /var/lib/pcp/tmp/pmlogger,
then they would become /var/lib/pcp/tmp/pmlogger/<pid>.socket and
~/.pcp/tmp/pmlogger/<pid>.socket respectively.
It doesn't matter to me. This is all encapsulated into
__pmLogLocalSocketDefault() and __pmLogLocalSocketUser() and can be
changed easily.
I'm on vacation starting this afternoon and not returning until Friday
Feb 28. I'll push what I have and you can change/merge/ignore it in the
mean time.
Dave
|