* [Bug 120061] New: unix.7: Extend notes about ignored permissions for UNIX domain sockets
@ 2016-06-12 10:54 bugzilla-daemon-590EEB7GvNiWaY/ihj7yzEB+6BGkLq7r
[not found] ` <bug-120061-11311-3bo0kxnWaOQUvHkbgXJLS5sdmw4N0Rt+2LY78lusg7I@public.gmane.org/>
0 siblings, 1 reply; 4+ messages in thread
From: bugzilla-daemon-590EEB7GvNiWaY/ihj7yzEB+6BGkLq7r @ 2016-06-12 10:54 UTC (permalink / raw)
To: linux-man-u79uwXL29TY76Z2rM5mHXA
https://bugzilla.kernel.org/show_bug.cgi?id=120061
Bug ID: 120061
Summary: unix.7: Extend notes about ignored permissions for
UNIX domain sockets
Product: Documentation
Version: unspecified
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P1
Component: man-pages
Assignee: documentation_man-pages-ztI5WcYan/vQLgFONoPN62D2FQJk+8+b@public.gmane.org
Reporter: carstengrohmann-Mmb7MZpHnFY@public.gmane.org
Regression: No
Hello,
the missing permissions check is tracked as CVE-1999-1402 and it looks like
that this issue is already fixed in current version of the mentioned systems.
Thereby I suggest a small update of the related statement.
Current:
Connecting to the socket object requires read/write permission. This behavior
differs from many BSD-derived systems which ignore permissions for Unix
sockets. Portable programs should not rely on this feature for security.
New:
Connecting to the socket object requires read/write permission. The access
permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x,
and other BSD-based operating systems before 4.4 (CVE-1999-1402). Portable
programs should not rely on this feature for security.
Thanks,
Carsten
--
You are receiving this mail because:
You are watching the assignee of the bug.
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 4+ messages in thread[parent not found: <bug-120061-11311-3bo0kxnWaOQUvHkbgXJLS5sdmw4N0Rt+2LY78lusg7I@public.gmane.org/>]
* [Bug 120061] unix.7: Extend notes about ignored permissions for UNIX domain sockets [not found] ` <bug-120061-11311-3bo0kxnWaOQUvHkbgXJLS5sdmw4N0Rt+2LY78lusg7I@public.gmane.org/> @ 2016-06-20 12:52 ` bugzilla-daemon-590EEB7GvNiWaY/ihj7yzEB+6BGkLq7r 2016-06-20 13:04 ` bugzilla-daemon-590EEB7GvNiWaY/ihj7yzEB+6BGkLq7r 2016-07-05 7:50 ` bugzilla-daemon-590EEB7GvNiWaY/ihj7yzEB+6BGkLq7r 2 siblings, 0 replies; 4+ messages in thread From: bugzilla-daemon-590EEB7GvNiWaY/ihj7yzEB+6BGkLq7r @ 2016-06-20 12:52 UTC (permalink / raw) To: linux-man-u79uwXL29TY76Z2rM5mHXA https://bugzilla.kernel.org/show_bug.cgi?id=120061 Michael Kerrisk <mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org --- Comment #1 from Michael Kerrisk <mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> --- Hi Carsten Thanks for the report. Have you done any testing of current systems? I tested OpenBSD 5.9, and it seems that there the socket file permissions are checked, as you say. I also tested Solaris 10, and there it looks as though socket file permissions are (still) ignored. Cheers, Michael -- You are receiving this mail because: You are watching the assignee of the bug. -- To unsubscribe from this list: send the line "unsubscribe linux-man" in the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org More majordomo info at http://vger.kernel.org/majordomo-info.html ^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug 120061] unix.7: Extend notes about ignored permissions for UNIX domain sockets [not found] ` <bug-120061-11311-3bo0kxnWaOQUvHkbgXJLS5sdmw4N0Rt+2LY78lusg7I@public.gmane.org/> 2016-06-20 12:52 ` [Bug 120061] " bugzilla-daemon-590EEB7GvNiWaY/ihj7yzEB+6BGkLq7r @ 2016-06-20 13:04 ` bugzilla-daemon-590EEB7GvNiWaY/ihj7yzEB+6BGkLq7r 2016-07-05 7:50 ` bugzilla-daemon-590EEB7GvNiWaY/ihj7yzEB+6BGkLq7r 2 siblings, 0 replies; 4+ messages in thread From: bugzilla-daemon-590EEB7GvNiWaY/ihj7yzEB+6BGkLq7r @ 2016-06-20 13:04 UTC (permalink / raw) To: linux-man-u79uwXL29TY76Z2rM5mHXA https://bugzilla.kernel.org/show_bug.cgi?id=120061 --- Comment #2 from Michael Kerrisk <mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> --- For now, I have applied the patch below. Maybe I will do more, depending on further info that you can supply. --- a/man7/unix.7 +++ b/man7/unix.7 @@ -232,7 +232,7 @@ connecting to a stream socket object requires write permission on that socket; sending a datagram to a datagram socket likewise requires write permission on that socket. POSIX does not make any statement about the effect of the permissions -on a socket file, and on many systems (e.g., several BSD derivatives), +on a socket file, and on some systems (e.g., older BSDs), the socket permissions are ignored. Portable programs should not rely on this feature for security. -- You are receiving this mail because: You are watching the assignee of the bug. -- To unsubscribe from this list: send the line "unsubscribe linux-man" in the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org More majordomo info at http://vger.kernel.org/majordomo-info.html ^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug 120061] unix.7: Extend notes about ignored permissions for UNIX domain sockets [not found] ` <bug-120061-11311-3bo0kxnWaOQUvHkbgXJLS5sdmw4N0Rt+2LY78lusg7I@public.gmane.org/> 2016-06-20 12:52 ` [Bug 120061] " bugzilla-daemon-590EEB7GvNiWaY/ihj7yzEB+6BGkLq7r 2016-06-20 13:04 ` bugzilla-daemon-590EEB7GvNiWaY/ihj7yzEB+6BGkLq7r @ 2016-07-05 7:50 ` bugzilla-daemon-590EEB7GvNiWaY/ihj7yzEB+6BGkLq7r 2 siblings, 0 replies; 4+ messages in thread From: bugzilla-daemon-590EEB7GvNiWaY/ihj7yzEB+6BGkLq7r @ 2016-07-05 7:50 UTC (permalink / raw) To: linux-man-u79uwXL29TY76Z2rM5mHXA https://bugzilla.kernel.org/show_bug.cgi?id=120061 Michael Kerrisk <mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |CODE_FIX --- Comment #3 from Michael Kerrisk <mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> --- Lacking any further input, I'm going to consider this resolved. Please reopen if you think something more is required. -- You are receiving this mail because: You are watching the assignee of the bug. -- To unsubscribe from this list: send the line "unsubscribe linux-man" in the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org More majordomo info at http://vger.kernel.org/majordomo-info.html ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2016-07-05 7:50 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-06-12 10:54 [Bug 120061] New: unix.7: Extend notes about ignored permissions for UNIX domain sockets bugzilla-daemon-590EEB7GvNiWaY/ihj7yzEB+6BGkLq7r
[not found] ` <bug-120061-11311-3bo0kxnWaOQUvHkbgXJLS5sdmw4N0Rt+2LY78lusg7I@public.gmane.org/>
2016-06-20 12:52 ` [Bug 120061] " bugzilla-daemon-590EEB7GvNiWaY/ihj7yzEB+6BGkLq7r
2016-06-20 13:04 ` bugzilla-daemon-590EEB7GvNiWaY/ihj7yzEB+6BGkLq7r
2016-07-05 7:50 ` bugzilla-daemon-590EEB7GvNiWaY/ihj7yzEB+6BGkLq7r
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).