* [Bug 120061] New: unix.7: Extend notes about ignored permissions for UNIX domain sockets
@ 2016-06-12 10:54 bugzilla-daemon-590EEB7GvNiWaY/ihj7yzEB+6BGkLq7r
[not found] ` <bug-120061-11311-3bo0kxnWaOQUvHkbgXJLS5sdmw4N0Rt+2LY78lusg7I@public.gmane.org/>
0 siblings, 1 reply; 4+ messages in thread
From: bugzilla-daemon-590EEB7GvNiWaY/ihj7yzEB+6BGkLq7r @ 2016-06-12 10:54 UTC (permalink / raw)
To: linux-man-u79uwXL29TY76Z2rM5mHXA
https://bugzilla.kernel.org/show_bug.cgi?id=120061
Bug ID: 120061
Summary: unix.7: Extend notes about ignored permissions for
UNIX domain sockets
Product: Documentation
Version: unspecified
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P1
Component: man-pages
Assignee: documentation_man-pages-ztI5WcYan/vQLgFONoPN62D2FQJk+8+b@public.gmane.org
Reporter: carstengrohmann-Mmb7MZpHnFY@public.gmane.org
Regression: No
Hello,
the missing permissions check is tracked as CVE-1999-1402 and it looks like
that this issue is already fixed in current version of the mentioned systems.
Thereby I suggest a small update of the related statement.
Current:
Connecting to the socket object requires read/write permission. This behavior
differs from many BSD-derived systems which ignore permissions for Unix
sockets. Portable programs should not rely on this feature for security.
New:
Connecting to the socket object requires read/write permission. The access
permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x,
and other BSD-based operating systems before 4.4 (CVE-1999-1402). Portable
programs should not rely on this feature for security.
Thanks,
Carsten
--
You are receiving this mail because:
You are watching the assignee of the bug.
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug 120061] unix.7: Extend notes about ignored permissions for UNIX domain sockets
[not found] ` <bug-120061-11311-3bo0kxnWaOQUvHkbgXJLS5sdmw4N0Rt+2LY78lusg7I@public.gmane.org/>
@ 2016-06-20 12:52 ` bugzilla-daemon-590EEB7GvNiWaY/ihj7yzEB+6BGkLq7r
2016-06-20 13:04 ` bugzilla-daemon-590EEB7GvNiWaY/ihj7yzEB+6BGkLq7r
2016-07-05 7:50 ` bugzilla-daemon-590EEB7GvNiWaY/ihj7yzEB+6BGkLq7r
2 siblings, 0 replies; 4+ messages in thread
From: bugzilla-daemon-590EEB7GvNiWaY/ihj7yzEB+6BGkLq7r @ 2016-06-20 12:52 UTC (permalink / raw)
To: linux-man-u79uwXL29TY76Z2rM5mHXA
https://bugzilla.kernel.org/show_bug.cgi?id=120061
Michael Kerrisk <mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
--- Comment #1 from Michael Kerrisk <mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> ---
Hi Carsten
Thanks for the report. Have you done any testing of current systems?
I tested OpenBSD 5.9, and it seems that there the socket file permissions are
checked, as you say.
I also tested Solaris 10, and there it looks as though socket file permissions
are (still) ignored.
Cheers,
Michael
--
You are receiving this mail because:
You are watching the assignee of the bug.
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug 120061] unix.7: Extend notes about ignored permissions for UNIX domain sockets
[not found] ` <bug-120061-11311-3bo0kxnWaOQUvHkbgXJLS5sdmw4N0Rt+2LY78lusg7I@public.gmane.org/>
2016-06-20 12:52 ` [Bug 120061] " bugzilla-daemon-590EEB7GvNiWaY/ihj7yzEB+6BGkLq7r
@ 2016-06-20 13:04 ` bugzilla-daemon-590EEB7GvNiWaY/ihj7yzEB+6BGkLq7r
2016-07-05 7:50 ` bugzilla-daemon-590EEB7GvNiWaY/ihj7yzEB+6BGkLq7r
2 siblings, 0 replies; 4+ messages in thread
From: bugzilla-daemon-590EEB7GvNiWaY/ihj7yzEB+6BGkLq7r @ 2016-06-20 13:04 UTC (permalink / raw)
To: linux-man-u79uwXL29TY76Z2rM5mHXA
https://bugzilla.kernel.org/show_bug.cgi?id=120061
--- Comment #2 from Michael Kerrisk <mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> ---
For now, I have applied the patch below. Maybe I will do more, depending on
further info that you can supply.
--- a/man7/unix.7
+++ b/man7/unix.7
@@ -232,7 +232,7 @@ connecting to a stream socket object requires write
permission on that socket;
sending a datagram to a datagram socket likewise
requires write permission on that socket.
POSIX does not make any statement about the effect of the permissions
-on a socket file, and on many systems (e.g., several BSD derivatives),
+on a socket file, and on some systems (e.g., older BSDs),
the socket permissions are ignored.
Portable programs should not rely on
this feature for security.
--
You are receiving this mail because:
You are watching the assignee of the bug.
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug 120061] unix.7: Extend notes about ignored permissions for UNIX domain sockets
[not found] ` <bug-120061-11311-3bo0kxnWaOQUvHkbgXJLS5sdmw4N0Rt+2LY78lusg7I@public.gmane.org/>
2016-06-20 12:52 ` [Bug 120061] " bugzilla-daemon-590EEB7GvNiWaY/ihj7yzEB+6BGkLq7r
2016-06-20 13:04 ` bugzilla-daemon-590EEB7GvNiWaY/ihj7yzEB+6BGkLq7r
@ 2016-07-05 7:50 ` bugzilla-daemon-590EEB7GvNiWaY/ihj7yzEB+6BGkLq7r
2 siblings, 0 replies; 4+ messages in thread
From: bugzilla-daemon-590EEB7GvNiWaY/ihj7yzEB+6BGkLq7r @ 2016-07-05 7:50 UTC (permalink / raw)
To: linux-man-u79uwXL29TY76Z2rM5mHXA
https://bugzilla.kernel.org/show_bug.cgi?id=120061
Michael Kerrisk <mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |CODE_FIX
--- Comment #3 from Michael Kerrisk <mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> ---
Lacking any further input, I'm going to consider this resolved. Please reopen
if you think something more is required.
--
You are receiving this mail because:
You are watching the assignee of the bug.
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2016-07-05 7:50 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-06-12 10:54 [Bug 120061] New: unix.7: Extend notes about ignored permissions for UNIX domain sockets bugzilla-daemon-590EEB7GvNiWaY/ihj7yzEB+6BGkLq7r
[not found] ` <bug-120061-11311-3bo0kxnWaOQUvHkbgXJLS5sdmw4N0Rt+2LY78lusg7I@public.gmane.org/>
2016-06-20 12:52 ` [Bug 120061] " bugzilla-daemon-590EEB7GvNiWaY/ihj7yzEB+6BGkLq7r
2016-06-20 13:04 ` bugzilla-daemon-590EEB7GvNiWaY/ihj7yzEB+6BGkLq7r
2016-07-05 7:50 ` bugzilla-daemon-590EEB7GvNiWaY/ihj7yzEB+6BGkLq7r
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).