NetBSD-Bugs archive


bin/60236: inetd(8): set ownership of local sockets



>Number:         60236
>Category:       bin
>Synopsis:       inetd(8): set ownership of local sockets
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu May 07 23:20:00 +0000 2026
>Originator:     Taylor R Campbell
>Release:        current, 11, 10, 9, ...
>Organization:
The InetBSD Foundation
>Environment:
>Description:

	inetd(8) can bind to local sockets, and can setuid/setgid the
	process that handles them.  But it doesn't seem to have any way
	to set the ownership or permissions on the sockets it bound, so
	only root can connect to the socket.

>How-To-Repeat:

	With this inetd.conf fragment:

/var/run/test.sock	stream	unix	nowait	_httpd:_httpd	/usr/libexec/httpd	httpd /var/www

	The socket is bound like so:

$ ls -l /var/run/test.sock
srwxr-xr-x  1 root  wheel  0 May  7 23:11 /var/run/test.sock

>Fix:

	Invent notation for socket owner and socket permissions.



