Bug 120061

Summary: unix.7: Extend notes about ignored permissions for UNIX domain sockets
Product: Documentation Reporter: Carsten Grohmann (carstengrohmann)
Component: man-pagesAssignee: documentation_man-pages (documentation_man-pages)
Status: RESOLVED CODE_FIX    
Severity: normal CC: mtk.manpages
Priority: P1    
Hardware: All   
OS: Linux   
Kernel Version: Subsystem:
Regression: No Bisected commit-id:

Description Carsten Grohmann 2016-06-12 10:54:14 UTC 
Hello,

the missing permissions check is tracked as CVE-1999-1402 and it looks like that this issue is already fixed in current version of the mentioned systems.

Thereby I suggest a small update of the related statement.

Current:
Connecting to the socket object requires read/write permission. This behavior differs from many BSD-derived systems which ignore permissions for Unix sockets. Portable programs should not rely on this feature for security.

New:
Connecting to the socket object requires read/write permission. The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4 (CVE-1999-1402). Portable programs should not rely on this feature for security.

Thanks,
Carsten
Comment 1 Michael Kerrisk 2016-06-20 12:52:28 UTC 
Hi Carsten

Thanks for the report. Have you done any testing of current systems?

I tested OpenBSD 5.9, and it seems that there the socket file permissions are checked, as you say.

I also tested Solaris 10, and there it looks as though socket file permissions are (still) ignored.

Cheers,

Michael
Comment 2 Michael Kerrisk 2016-06-20 13:04:38 UTC 
For now, I have applied the patch below. Maybe I will do more, depending on further info that you can supply.

--- a/man7/unix.7
+++ b/man7/unix.7
@@ -232,7 +232,7 @@ connecting to a stream socket object requires write permission on that socket;
 sending a datagram to a datagram socket likewise
 requires write permission on that socket.
 POSIX does not make any statement about the effect of the permissions
-on a socket file, and on many systems (e.g., several BSD derivatives),
+on a socket file, and on some systems (e.g., older BSDs),
 the socket permissions are ignored.
 Portable programs should not rely on
 this feature for security.
Comment 3 Michael Kerrisk 2016-07-05 07:50:05 UTC 
Lacking any further input, I'm going to consider this resolved. Please reopen if you think something more is required.