
Review: The Linux Programming Interface


Posted Jan 21, 2011 14:13 UTC (Fri) by cras (guest, #7000)
In reply to: Review: The Linux Programming Interface by RobSeace
Parent article: Review: The Linux Programming Interface

What systems ignore filesystem permissions on UNIX sockets? I doubt any that still matter (Linux, OSX, BSDs, Solaris).



Review: The Linux Programming Interface

Posted Jan 21, 2011 14:54 UTC (Fri) by RobSeace (subscriber, #4435) [Link]

As far as I know, most BSD derived ones do... Maybe the modern BSDs have added support for Unix domain file permissions, but it certainly wasn't historically true... I know I've heard of Solaris/SunOS ignoring Unix domain file perms before, as well... From "man 7 unix" on a Linux box:

In the Linux implementation, sockets which are visible in the filesystem honour the permissions of the directory they are in. Their owner, group and their permissions can be changed. Creation of a new socket will fail if the process does not have write and search (execute) permission on the directory the socket is created in. Connecting to the socket object requires read/write permission. This behavior differs from many BSD-derived systems which ignore permissions for Unix sockets. Portable programs should not rely on this feature for security.

Review: The Linux Programming Interface

Posted Jan 21, 2011 15:05 UTC (Fri) by cras (guest, #7000) [Link]

Looking at http://www.cvedetails.com/cve/CVE-1999-1402/ I think this got fixed about 10 years ago everywhere. And since there aren't any other portable solutions for this either, I think it's safe enough nowadays to trust the filesystem permissions.

Review: The Linux Programming Interface

Posted Jan 25, 2011 9:47 UTC (Tue) by paulj (subscriber, #341) [Link]

Solaris 10 does. I doubt it's changed, but haven't checked recent versions of OpenSolaris.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds