Subject: Re: Are permissions of local sockets correct?
To: None <firstname.lastname@example.org>
From: Julio M. Merino Vidal <email@example.com>
Date: 08/22/2005 21:32:52

On 8/22/05, Thor Lancelot Simon <firstname.lastname@example.org> wrote:
> On Sun, Aug 21, 2005 at 11:25:56PM +0200, Julio M. Merino Vidal wrote:
> > Hi all,
> > while trying gamin (a file alteration monitor, like fam), I found that it
> > refuses to work because it detects that the local sockets it creates
> > have "too much permissions" (that is, 777).
> > As I see in our code, local sockets are always created with this
> > mode, regardless of the user's umask. Is this correct? And if so,
> > why?
> Because that's how BSD Unix always did it.
> The portable solution for restricting access to a Unix domain socket is
> to put it in a directory with appropriate permissions.

Aha; thanks for the explanation.
In fact, gamin is doing so. It creates a directory with 700 permissions
and then creates the socket inside it. I don't know wtf does it barf
later on when it sees that the socket has 777 permissions, given that
it has done things right.

> However, there
> is code floating around out there that expects sockets to be created
> with appropriate modes (respecting the umask) and I see no harm at all
> in causing our implementation to work that way. I suggest that you do

Yeah, sounds reasonable. But IMHO, we should explain somewhere
(bind(2) ?) that this is not how things should be done (I'll do this change
too if I commit the "fix").

Julio M. Merino Vidal <email@example.com>
The NetBSD Project - http://www.NetBSD.org/