[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4709) Insufficient permissions on PF_LOCAL sockets

ian@uns.ns.ac.yu wrote:
> Linux, as opposed to other *NIXes, honors PF_LOCAL socket file mode bits, so a
> user must have the write permission to use the socket. OpenLDAP bind()s its
> PF_LOCAL sockets without any special arrangements, so the resulting socket's
> permissions are governed by the current umask. Since the umask is usually 022 or
> 002, the socket ends up not being world-writable, making it unusable for users
> other than root.
> Earlier OpenLDAP releases recognized a non-standard "x-mod" URL extension for
> manipulating socket permissions, and the parsing code is still there, but its
> results are unused.
Yes, that's been removed because non-portable and of little use.  The 
preferred use consists in creating the socket according to umask in a 
directory with the desired permissions.  Right now, those permissions 
are used to coarse grain regulate operations on a specific listener; 
considering their limited usefulness, their use is not recommended as 
that extension could be removed.  It's considered experimental.
> With the attached patch, PF_LOCAL sockets are always created world-writable by
> setting the umask to zero before bind(). The previous umask is restored
> immediately afterwards. Umask manipulation shouldn't affect PF_UNIX bind()s, so
> I haven't surrounded it with #ifdef LDAP_PF_LOCAL.
Your approach seems to be sound.  I'll review the patch.

Thanks, p.

Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
Office:   +39.02.23998309
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it