[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Portability of AF_UNIX connect() permission checks
From: |
Noah Misch |
Subject: |
Re: Portability of AF_UNIX connect() permission checks |
Date: |
Tue, 11 Mar 2014 18:56:16 -0400 |
User-agent: |
Mutt/1.5.21 (2010-09-15) |
On Tue, Mar 04, 2014 at 08:21:48AM +0100, Michael Haubenwallner wrote:
> On 03/04/2014 04:21 AM, Noah Misch wrote:
> > POSIX specifies EACCES as a "may fail" condition for connect() on an AF_UNIX
> > socket; it is a "shall fail" condition for open(). I take this to mean
> > that a
> > conforming connect() implementation could ignore directory search
> > permissions
> > and/or the socket's own file mode. Indeed, a couple of decades ago, some
> > systems did ignore the socket's own file mode:
> >
> > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-1402
> >
> > Do any porting targets of contemporary relevance still behave this way? If
> > so, which OS versions are known affected? I have attached a test program
> > that
> > illustrates the exact behavior in question, which you can use to test your
> > own
> > system if curious.
>
> CVE tells Solaris 2.x:
> Can't say for Solaris 2.11, but Solaris 2.10 (sparc & x86) here is affected.
Thanks. That's enough to justify coping with such behavior in new software.