Date:      Sun, 3 Mar 2013 00:10:38 +0100
From:      Jilles Tjoelker <jilles@stack.nl>
To:        Pawel Jakub Dawidek <pjd@FreeBSD.org>
Cc:        Konstantin Belousov <kostikbel@gmail.com>, Dag-Erling Smørgrav <des@des.no>, freebsd-arch@FreeBSD.org
Subject:   Re: bindat(2) and connectat(2) syscalls for review.
Message-ID:  <20130302231038.GA70271@stack.nl>
In-Reply-To: <20130217144321.GJ2023@garage.freebsd.pl>
References:  <20130213230354.GC1375@garage.freebsd.pl> <20130213232004.GA2522@kib.kiev.ua> <20130213234030.GD1375@garage.freebsd.pl> <20130214185549.GA36288@stack.nl> <86ip5saqiu.fsf@ds4.des.no> <20130216232039.GD2023@garage.freebsd.pl> <86y5enaan7.fsf@ds4.des.no> <20130217142038.GA55034@stack.nl> <20130217144321.GJ2023@garage.freebsd.pl>

On Sun, Feb 17, 2013 at 03:43:22PM +0100, Pawel Jakub Dawidek wrote:
> But if we are going to do that, it would be nice to have at least one
> useful flag to use in there:)

I have just found a candidate. In a kdump of tmux, there is a
umask/bind/umask sequence. This is because unlike other calls that
create files such as open(), mkdir(), mkfifo() and mknod(), the bind()
function does not have a permissions argument. (symlink() has no
permissions argument but that's because permissions do not matter for
symlinks.)

The umask/bind/umask sequence is not thread-safe.

If the socket is to be accessible for the current user only, a good
workaround is to create the socket in a mode 700 directory and not care
about the permissions of the socket itself.

If the socket is to be accessible for all users, some other filename can
be bound, permissions corrected and then renamed to the expected name.

In some cases, these workarounds may have to be combined.

If we want a cleaner fix for this, it can be done with an extra bindat()
argument, a setsockopt() or wider-ranging changes like a per-thread
umask.

Then again, it is apparently OK that not all filenames are accessible
for binding and connecting sockets, so perhaps this is also OK. Some of
these umask problems are shared with all other calls that create files.

-- 
Jilles Tjoelker
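
Added example (not part of the original message, and not FreeBSD or tmux code): the "bind some other filename, correct permissions, rename" workaround described in the message, in C, without touching the process-wide umask. The helper name bind_unix_mode and the temporary-name scheme are hypothetical, and the target directory is assumed to be writable only by trusted users.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Hypothetical helper: bind an AF_UNIX stream socket at `path` with
 * permissions `mode`, leaving umask alone so other threads creating
 * files at the same time are unaffected. Returns the fd, or -1. */
int bind_unix_mode(const char *path, mode_t mode)
{
    struct sockaddr_un sun;
    int fd, n;

    memset(&sun, 0, sizeof(sun));
    sun.sun_family = AF_UNIX;
    /* Temporary name in the same directory, so rename() is atomic. */
    n = snprintf(sun.sun_path, sizeof(sun.sun_path), "%s.%ld.tmp",
        path, (long)getpid());
    if (n < 0 || (size_t)n >= sizeof(sun.sun_path))
        return (-1);                /* does not fit in sun_path */

    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd == -1)
        return (-1);
    (void)unlink(sun.sun_path);     /* leftover from a crashed run */
    if (bind(fd, (struct sockaddr *)&sun, sizeof(sun)) == -1)
        goto fail_close;
    /* The socket now exists with umask-derived bits, but only under
     * the temporary name. Assumption: no untrusted user can replace
     * that name before chmod(), which follows symlinks. */
    if (chmod(sun.sun_path, mode) == -1)
        goto fail_unlink;
    /* Publish under the expected name with the final permissions. */
    if (rename(sun.sun_path, path) == -1)
        goto fail_unlink;
    return (fd);

fail_unlink:
    (void)unlink(sun.sun_path);
fail_close:
    (void)close(fd);
    return (-1);
}
```

For a socket that must be reachable by the current user only, the mode 700 directory from the message is still needed, because the temporary name briefly carries umask-derived permissions.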


