UNIX domain sockets [was Re: dce/rpc services]
Luke Kenneth Casson Leighton
lkcl at samba.org
Thu Aug 24 03:58:31 GMT 2000

On Wed, 23 Aug 2000, Sander Striker wrote:
> >Gerald Carter wrote:
> >[]
> >> My understanding of Luke's implementation and how
> >> it could (should) work is this...
> >>
> >> * The UNIX domain socket is only available to
> >> root processes.
> >
> >No, this is wrong. They are just like other regular files
> >(but not like devices -- you should be root to do mknod),
> >and have the usual file permissions (but broken (not honored)
> >on some systems). Any process can create a socket where it
> >can create a regular file, and any process can use that socket
> >the same as a regular file. The best comparison
> >here is a FIFO.
>
> Err, what Gerald means I think is that Luke is opening
> the domain socket as root and setting all permissions to
> root only.

actually, some OSes do not support chmod on sockets. therefore what you
have to do is create a _directory_ with permissions 0700, and the sockets
are protected as root-only accessible therein.

> This way the domain socket is only available
> between become_root()/unbecome_root() pairs, or something
> like that.

yes. except that for client-side stand-alone programs, what you have to
do is to link with "stubs" of the become_root() / unbecome_root()
functions.

if you are thinking of bitching about this, don't. go look at swat.c,
first, particularly the first four lines of code, _then_ come and tell me
if you think it's a bad idea or not.

> So it's not a restriction the OS introduces, it is an
> implementation choice, to prevent non-root exploits.

correct.