Re: .steprc problem
Wed, 20 Sep 2000 10:22:33 -0500

>> On Thu, Sep 07, 2000 at 09:49:00AM +0200, Frank Ronny Larsen wrote:
>> > I'm sure this has been discussed here before, but what is the reason
>> > this socket is located in the users home directory? On large sites 
>> > home directory is very likely to be placed on an NFS mounted system 
>> > of a local disk.
>> >
>> > /tmp would be a much more logical place to put this file. (as is done 
>> > most other programs using file-sockets..) Only on very rare 
>> > have I seen /tmp being NFS mounted. (and that was diskless 
>> The pipe was originally in the /tmp directory and it was moved
>> to the home directory so that two users starting on the same
>> machine would not attempt to write each other's files.
>> There is also a security problem with placing the file
>> into the /tmp - you all heard of possible race conditions
>> and it is a good idea to think of that before you create
>> a file in the /tmp. Of course, having the pipe on NFS
>> does not make any sense at all but there should be a better
>> solution than to just create a file in the /tmp.

>Isn't this what /tmp is for?
>Solution for two-users-problem: create a file named
>   /tmp/afterstep_PID_connect.DISPLAY=:0.0
>owned and accessible only by the user that owns the corresponding PID.
>With the correct permissions (600?) set, this shouldn't be that much of a
>security problem.

That is exactly the solution I've been thinking about. So it look like 
that is the way we should go. 

Please everybody who reads this and has any knowldege on the subject - 
post your comments if you think that this approach in unaccepteble or if 
have better approach.

If I don't hear anything for next week, I'll implement it this way in both 

1.8 stable and 1.9 devel.

>I'll stick my nose down the CVS code and see if I can make this better. I
>just need a kick of inspiration, which has been rather lacking lately. :(

actually change is very simple ( module.c, line 78-79 ), so while your are 

waiting on me  - you can do it yourself.



To unsubscribe from this mailing list, simply type the following at #
echo "unsubscribe as-users <your_email>" | mail