UNIX domain sockets [was Re: dce/rpc services]
Sander Striker
s.striker at striker.nl
Wed Aug 23 11:48:26 GMT 2000
>Gerald Carter wrote:
>[]
>> My understanding of Luke's implementation and how
>> it could (should) work is this...
>>
>> * The UNIX domain socket is only available to
>> root processes.
>
>No, this is wrong. They are just like other regular files
>(but not like devices -- you should be root to do mknod),
>and have the usual file permissions (but broken (not honored)
>on some systems). Any process can create a socket where it
>can create a regular file, and any process can use that socket
>the same as a regular file. The best comparison
>here is a FIFO.

Err, what Gerald means I think is that Luke is opening
the domain socket as root and setting all permissions to
root only. This way the domain socket is only available
between become_root()/unbecome_root() pairs, or something
like that.

So it's not a restriction the OS introduces, it is an
implementation choice, to prevent non-root exploits.

[...]
Sander