Hello, the missing permissions check is tracked as CVE-1999-1402 and it looks like that this issue is already fixed in current version of the mentioned systems. Thereby I suggest a small update of the related statement. Current: Connecting to the socket object requires read/write permission. This behavior differs from many BSD-derived systems which ignore permissions for Unix sockets. Portable programs should not rely on this feature for security. New: Connecting to the socket object requires read/write permission. The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4 (CVE-1999-1402). Portable programs should not rely on this feature for security. Thanks, Carsten
Hi Carsten Thanks for the report. Have you done any testing of current systems? I tested OpenBSD 5.9, and it seems that there the socket file permissions are checked, as you say. I also tested Solaris 10, and there it looks as though socket file permissions are (still) ignored. Cheers, Michael
For now, I have applied the patch below. Maybe I will do more, depending on further info that you can supply. --- a/man7/unix.7 +++ b/man7/unix.7 @@ -232,7 +232,7 @@ connecting to a stream socket object requires write permission on that socket; sending a datagram to a datagram socket likewise requires write permission on that socket. POSIX does not make any statement about the effect of the permissions -on a socket file, and on many systems (e.g., several BSD derivatives), +on a socket file, and on some systems (e.g., older BSDs), the socket permissions are ignored. Portable programs should not rely on this feature for security.
Lacking any further input, I'm going to consider this resolved. Please reopen if you think something more is required.