UNIX domain sockets [was Re: dce/rpc services]

Luke Kenneth Casson Leighton lkcl at samba.org
Thu Aug 24 03:58:31 GMT 2000

On Wed, 23 Aug 2000, Sander Striker wrote:

> >Gerald Carter wrote:
> >[]
> >> My understanding of Luke's implementation and how
> >> it could (should) work is this...
> >> 
> >>   * The UNIX domain socket is only available to
> >>     root processes.
> >
> >No, this is wrong.  Them are just like other regular files
> >(but not like devices -- you should be root to do mknod),
> >and have usual file permissions (but broken (not honored)
> >on some systems).  Any process can create socket where it
> >can create regular file, and any process can use that socket
> >the same like for regular file.  The most good comparision
> >here is FIFO.
> Err, what Gerald means I think is that Luke is opening
> the domain socket as root and setting all permissions to
> root only.

actually, some OSes do not support chmod on sockets.  therefore what you
have to do is create a _directory_ with permissions 0700, and the sockets
are protected as root-only accessible therein.

> This way the domain socket is only available
> between become_root()/unbecome_root() pairs, or something
> like that.

yes.  except that for client-side stand-alone programs, what you have to
do is to link with "stubs" of the become_root() / unbecome_root()

if you are thinking of bitching about this, don't.  go look at swat.c,
first, particularly the first four lines of code, _then_ come and tell me
if you think it's a bad idea or not.

> So it's not a restriction the OS introduces, it is an
> implementation choice, to prevent non-root exploits.


More information about the samba-technical mailing list