[ic] Standard catalog Customer Entrance or Admin Interface = "Interchange not available"
Kevin Walsh
kevin at cursor.biz
Fri Feb 29 12:31:21 EST 2008
Peter <peter at pajamian.dhs.org> wrote:
> On 02/28/2008 07:10 PM, Curt Hauge wrote:
> > I have seen a similar problem which was resolved by adding this in
> > interchange.cfg:
> >
> > AutoVariable Windows LockType
> > SocketPerms 0666
>
> That's not a good way to fix this problem. It reduces the security of
> the socket by making it wide open to connections from any user. Setting
> it that way is a good way to verify that the problem is with socket
> permissions, but now that you know you really should fix the permissions
> problem rather than opening up the socket like that to all users.
>
Having said that, what's the worst thing a local user with access to
the 0666 socket file can do? They can't compromise security. All they
can really do is open the socket lots of times and cause a DoS. If they
wanted to do that then they could do it remotely anyway.
If you have 0666 on the socket then you should make sure that the socket
file's directory permissions are set to prevent the clowns from simply
deleting the file. You should have appropriate permissions set up on
all directories to prevent this sort of thing anyway.
--
_/ _/ _/_/_/_/ _/ _/ _/_/_/ _/ _/
_/_/_/ _/_/ _/ _/ _/ _/_/ _/ K e v i n W a l s h
_/ _/ _/ _/ _/ _/ _/ _/_/ kevin at cursor.biz
_/ _/ _/_/_/_/ _/ _/_/_/ _/ _/
More information about the interchange-users
mailing list