On 03/04/2014 04:21 AM, Noah Misch wrote: > POSIX specifies EACCES as a "may fail" condition for connect() on an AF_UNIX > socket; it is a "shall fail" condition for open(). I take this to mean that a > conforming connect() implementation could ignore directory search permissions > and/or the socket's own file mode. Indeed, a couple of decades ago, some > systems did ignore the socket's own file mode: > > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-1402 > > Do any porting targets of contemporary relevance still behave this way? If > so, which OS versions are known affected? I have attached a test program that > illustrates the exact behavior in question, which you can use to test your own > system if curious.
CVE tells Solaris 2.x: Can't say for Solaris 2.11, but Solaris 2.10 (sparc & x86) here is affected. /haubi/
