GNOME Bugzilla – Bug 93554
race condition on /tmp/orbit-foo creation ...
Last modified: 2019-02-23 02:42:54 UTC
It's possible that 2 different /tmp/orbit-$user-$rand directories will be created and then mis-matched.

Should be fixed by:

    <scan>
    create foo-user-random-tst
    <scan>
    rename foo-user-random-tst > foo-user-random

With a random timed unlink fallback on the 2nd <scan> if we hit another '-tst' suffix of the right permissions.

We also need to propagate the tmpdir information from b-a-s to child by using an ORBit2 command line parameter - in which case we can avoid the (expensive) scan.

Also, we need some way of dealing with invisible /tmp directories. This is going to have some appalling performance characteristic though; since we'd need to do a well defined sequence: /tmp/orbit-user /tmp/orbit-user-1 etc. until we created a directory we could use. C'est la vie. a 'security' option, that increases the likelihood of a DOS attack.
Code to hack is in ORBit2/src/orb/GIOP/giop.c (giop_tmpdir_init).
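The well-defined sequence from the report (/tmp/orbit-user, /tmp/orbit-user-1, ...), sketched as an added example; this is not ORBit2's giop_tmpdir_init code. It assumes that "the right permissions" means owned by the caller with mode 0700, and the function names are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* 1 if path is a real directory (not a symlink), owned by the calling
 * user, with no group/other permission bits; 0 otherwise. */
static int dir_is_safe(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0)   /* lstat: never follow a planted symlink */
        return 0;
    return S_ISDIR(st.st_mode) && st.st_uid == geteuid() &&
           (st.st_mode & (S_IRWXG | S_IRWXO)) == 0;
}

/* Try base/orbit-USER, base/orbit-USER-1, ... and stop at the first
 * directory that we created ourselves or that passes dir_is_safe().
 * Returns 0 with the path in out, or -1 if no candidate was usable. */
int pick_safe_tmpdir(const char *base, const char *user,
                     char *out, size_t outlen, int max_tries)
{
    for (int i = 0; i < max_tries; i++) {
        int n = (i == 0)
            ? snprintf(out, outlen, "%s/orbit-%s", base, user)
            : snprintf(out, outlen, "%s/orbit-%s-%d", base, user, i);
        if (n < 0 || (size_t)n >= outlen)
            return -1;
        if (mkdir(out, 0700) == 0)   /* atomic: only one caller can win */
            return 0;
        if (errno == EEXIST && dir_is_safe(out))
            return 0;                /* ours from an earlier run: reuse */
        /* someone else's, a symlink, or too-open mode: try the next name */
    }
    return -1;
}

int main(void)
{
    char path[256];
    /* "demo" is a constructed user name for the example */
    if (pick_safe_tmpdir("/tmp", "demo", path, sizeof path, 16) != 0)
        return 1;
    printf("using %s\n", path);
    return 0;
}
```

Each unusable name costs one more mkdir and lstat, which is the performance cost the report complains about.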
I think this should be fixed by this commit:

    2003-05-30  Michael Meeks  <michael@ximian.com>

        * src/orb/GIOP/giop.c (giop_tmpdir_init): guard against double init.
        (ORBit_get_safe_tmp): impl. for hp/others.

Am I right?
perhaps - but the propagation thing in the environment is not fixed :-)
ORBit2 is not under active development anymore. Its codebase has been archived: https://gitlab.gnome.org/Archive/orbit2/commits/master Closing this report as WONTFIX as part of Bugzilla Housekeeping to reflect reality. Please feel free to reopen this ticket (or rather reactivate the project to GNOME Gitlab, as GNOME Bugzilla is deprecated) if anyone takes the responsibility for active development again.