Re: Portability of AF_UNIX connect() permission checks

bug-gnulib

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Portability of AF_UNIX connect() permission checks

From:	Michael Haubenwallner
Subject:	Re: Portability of AF_UNIX connect() permission checks
Date:	Tue, 04 Mar 2014 08:21:48 +0100
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20131121 Thunderbird/17.0.9

On 03/04/2014 04:21 AM, Noah Misch wrote:
> POSIX specifies EACCES as a "may fail" condition for connect() on an AF_UNIX
> socket; it is a "shall fail" condition for open().  I take this to mean that a
> conforming connect() implementation could ignore directory search permissions
> and/or the socket's own file mode.  Indeed, a couple of decades ago, some
> systems did ignore the socket's own file mode:
> 
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-1402
> 
> Do any porting targets of contemporary relevance still behave this way?  If
> so, which OS versions are known affected? I have attached a test program that
> illustrates the exact behavior in question, which you can use to test your own
> system if curious.

CVE tells Solaris 2.x:
Can't say for Solaris 2.11, but Solaris 2.10 (sparc & x86) here is affected.

/haubi/

[Prev in Thread]

Current Thread

[Next in Thread]

Portability of AF_UNIX connect() permission checks, Noah Misch, 2014/03/03
- Re: Portability of AF_UNIX connect() permission checks, Michael Haubenwallner <=
  - Re: Portability of AF_UNIX connect() permission checks, Noah Misch, 2014/03/11

Prev by Date: Portability of AF_UNIX connect() permission checks
Next by Date: [PATCH] stdint, read-file: fix missing SIZE_MAX on Android
Previous by thread: Portability of AF_UNIX connect() permission checks
Next by thread: Re: Portability of AF_UNIX connect() permission checks
Index(es):
- Date
- Thread