socket file permissions and ownership

Unlike some other *nix flavours, linux honors normal
AF_LOCAL socket file permissions and ownership -- eg,
you can't connect to a socket if file permissions indicate
you can't read/write the file.

But at the same time, linux ignores *changes* in said
permissions/ownership.  The code:

 int sock;
 struct sockaddr_un sun;

 sock = socket(PF_LOCAL, SOCK_STREAM, 0);
 unlink(sun.sun_path);
 bind(sock, (struct sockaddr *)&sun, sizeof(sun));

 fchmod(sock, 0660);
 fchown(sock, 10, 20);

-- in this fragment (initialisation omitted for brevity),
fchown() and fchmod() calls succeed but does exactly nothing,
ie, no permission and ownership change occurs.

"Plain" chmod()/chown() (when referring to the file by name,
not by filedescriptor) works.

I was thinking about actually using the linux feature (linux
checking socket permissions), but it isn't quite possible to
do in a safe way.  That is, I want to be able to create a socket
with given permissions and ownership from within a root-owned
process in a directory not writable by the owner of the socket
to be created.  I can work around fchmod() by altering umask()
prior to bind() call.  But for owner...  Possible scenarios:

 fchown(sock, s_owner, s_group) -- gets ignored by linux

 seteuid(s_owner) before bind() -- s_owner does not have
  permissions to create file(s) in the given directory

 chown(sun.sun_path, s_owner, s_group) -- unsafe from
  security point of view, if parent directory isn't owned
  by root.

I know no other way to set ownership.  And all the above 3
does not work.

So the obvious question: what should linux do, stop honoring
socket permissions and continue ignoring fch*() calls, or
continue using permissions AND implement fch*() calls?
Current situation is.. wrong.  IMHO.

/mjt
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Prev by Date: Timestamp API ??
Next by Date: Re: [RFD] What error should FS return when I/O failure occurs?
Previous by thread: Timestamp API ??
Next by thread: [PATCH 2.6.12-rc4-mm1 1/4] megaraid_sas: updating the driver
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]