I don't use or understand this program at all. And I don't speak Japanese, so the learning curve is a bit steep. But, in Fedora Core 2 and in the current rawhide version, it's creating /tmp/.iroha_unix as a world-writable directory. That doesn't seem right. The package also owns /var/run/.iroha_unix, with far more restrictive permissions, but doesn't appear to put anything there. I've made a patch to the config file which causes it to actually put the IROHA socket file in /var/run/.iroha_unix. I'll attach this patch in a second. I don't have a good way of testing this (I'll see if I can find a japanese speaking linux-savvy student somewhere around here....), but it seems like the right thing to do.
Created attachment 101377 [details] use /var/run/.iroha_unix instead of creating /tmp/.iroha_unix with insecure permissions (It occurs to me that it might also be good to patch the code so that if the directory doesn't exist and needs to be recreated, it's created with the right permissions instead of 0777.
already fixed in 3.7p3-4 which has been released yesterday. thanks for the notification anyway.